Candidate: CVE-2016-4333
PublicDate: 2016-11-18 20:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4333
 http://www.talosintelligence.com/reports/TALOS-2016-0179/
Description:
 The HDF5 1.8.16 library allocating space for the array using a value from
 the file has an impact within the loop for initializing said array allowing
 a value within the file to modify the loop's terminator. Due to this, an
 aggressor can cause the loop's index to point outside the bounds of the
 array when initializing it.
Ubuntu-Description:
 It was discovered that HDF5 incorrectly handled memory allocation. An
 attacker could possibly use this issue to execute arbitrary code.
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H [8.6 HIGH]

Patches_hdf5:
upstream_hdf5: released (1.8.18)
precise_hdf5: ignored (reached end-of-life)
precise/esm_hdf5: DNE (precise was needs-triage)
trusty_hdf5: released (1.8.11-5ubuntu7.1)
trusty/esm_hdf5: released (1.8.11-5ubuntu7.1)

vivid/stable-phone-overlay_hdf5: DNE
vivid/ubuntu-core_hdf5: DNE
xenial_hdf5: released (1.8.16+docs-4ubuntu1.1)

yakkety_hdf5: ignored (reached end-of-life)
zesty_hdf5: ignored (reached end-of-life)
artful_hdf5: ignored (reached end-of-life)
bionic_hdf5: not-affected (1.10.0-patch1+docs-1~exp5)
devel_hdf5: not-affected (1.10.0-patch1+docs-1~exp5)