Candidate: CVE-2016-4331
PublicDate: 2016-11-18 20:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4331
 http://www.talosintelligence.com/reports/TALOS-2016-0177/
Description:
 When decoding data out of a dataset encoded with the H5Z_NBIT decoding,
 the HDF5 1.8.16 library will fail to ensure that the precision is within
 the bounds of the size leading to arbitrary code execution.
Ubuntu-Description:
 It was discovered that HDF5 incorrectly handled decoding of data. An
 attacker could possibly use this issue to execute arbitrary code.
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H [8.6 HIGH]

Patches_hdf5:
upstream_hdf5: released (1.8.18)
precise_hdf5: ignored (reached end-of-life)
precise/esm_hdf5: DNE (precise was needs-triage)
trusty_hdf5: released (1.8.11-5ubuntu7.1)
trusty/esm_hdf5: released (1.8.11-5ubuntu7.1)
vivid/stable-phone-overlay_hdf5: DNE
vivid/ubuntu-core_hdf5: DNE
xenial_hdf5: released (1.8.16+docs-4ubuntu1.1)
yakkety_hdf5: ignored (reached end-of-life)
zesty_hdf5: ignored (reached end-of-life)
artful_hdf5: ignored (reached end-of-life)
bionic_hdf5: not-affected (1.10.0-patch1+docs-1~exp5)
devel_hdf5: not-affected (1.10.0-patch1+docs-1~exp5)