Candidate: CVE-2016-4330
PublicDate: 2016-11-18 20:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4330
 http://www.talosintelligence.com/reports/TALOS-2016-0176/
Description:
 The HDF5 1.8.16 library fails to check whether the number of dimensions for
 an array read from the file is within the bounds of the space allocated for
 it. A heap-based buffer overflow occurs, potentially leading to arbitrary
 code execution.
Ubuntu-Description:
 It was discovered that HDF5 incorrectly handled certain input files. An
 attacker could possibly use this issue to execute arbitrary code.
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H [8.6 HIGH]

Patches_hdf5:
upstream_hdf5: released (1.8.18)
precise_hdf5: ignored (reached end-of-life)
precise/esm_hdf5: DNE (precise was needs-triage)
trusty_hdf5: released (1.8.11-5ubuntu7.1)
trusty/esm_hdf5: released (1.8.11-5ubuntu7.1)
vivid/stable-phone-overlay_hdf5: DNE
vivid/ubuntu-core_hdf5: DNE
xenial_hdf5: released (1.8.16+docs-4ubuntu1.1)
yakkety_hdf5: ignored (reached end-of-life)
zesty_hdf5: ignored (reached end-of-life)
artful_hdf5: ignored (reached end-of-life)
bionic_hdf5: not-affected (1.10.0-patch1+docs-1~exp5)
devel_hdf5: not-affected (1.10.0-patch1+docs-1~exp5)