New subject: [Bug 1011205] VUL-0: CVE-2016-4332: hdf5: Shareable Message Type Code Execution Vulnerability

21 Nov 2016

      http://bugzilla.suse.com/show_bug.cgi?id=1011205

            Bug ID: 1011205
           Summary: VUL-0: CVE-2016-4332: hdf5: Shareable Message Type
                    Code Execution Vulnerability
    Classification: openSUSE
           Product: openSUSE Distribution
           Version: Leap 42.2
          Hardware: Other
                OS: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Security
          Assignee: dmitry@roshchin.org
          Reporter: abergmann@suse.com
        QA Contact: qa-bugs@suse.de
          Found By: Security Response Team
           Blocker: ---

CVE-2016-4332

The library's failure to check if certain message types support a particular
flag, the HDF5 1.8.16 library will cast the structure to an alternative
structure and then assign to fields that aren't supported by the message type
and the library will write outside the bounds of the heap buffer. This can lead
to code execution under the context of the library.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4332
http://www.cvedetails.com/cve/CVE-2016-4332/
http://www.talosintelligence.com/reports/TALOS-2016-0178/

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug 1011205] New: VUL-0: CVE-2016-4332: hdf5: Shareable Message Type Code Execution Vulnerability

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

tags

participants (1)