[Bug 1011205] New: VUL-0: CVE-2016-4332: hdf5: Shareable Message Type Code Execution Vulnerability
http://bugzilla.suse.com/show_bug.cgi?id=1011205

            Bug ID: 1011205
           Summary: VUL-0: CVE-2016-4332: hdf5: Shareable Message Type Code Execution Vulnerability
    Classification: openSUSE
           Product: openSUSE Distribution
           Version: Leap 42.2
          Hardware: Other
                OS: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Security
          Assignee: dmitry@roshchin.org
          Reporter: abergmann@suse.com
        QA Contact: qa-bugs@suse.de
          Found By: Security Response Team
           Blocker: ---

CVE-2016-4332

The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library will write outside the bounds of the heap buffer. This can lead to code execution under the context of the library.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4332
http://www.cvedetails.com/cve/CVE-2016-4332/
http://www.talosintelligence.com/reports/TALOS-2016-0178/

--
You are receiving this mail because:
You are on the CC list for the bug.
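The missing check described in the report, shown in its defensive form as an added example (not part of the original report and not HDF5 code): a decoder that honours a per-message flag only when the message class declares support for it and its allocation is large enough for the alternative structure. All type names, the flag value and the class table are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* All names and values below are hypothetical, not HDF5's own. */
#define FLAG_SHAREABLE 0x20u /* constructed flag bit read from the file */

typedef struct { uint32_t share_type; uint64_t heap_id; } shared_hdr_t;
typedef struct { shared_hdr_t sh; uint32_t rank; } shareable_msg_t;
typedef struct { uint8_t version; } plain_msg_t; /* no room for shared_hdr_t */

/* Per-type class record: allocation size and whether sharing is supported. */
typedef struct { size_t native_size; int can_share; } msg_class_t;

static const msg_class_t classes[] = {
    { sizeof(shareable_msg_t), 1 }, /* type 0 */
    { sizeof(plain_msg_t),     0 }, /* type 1 */
};
#define N_CLASSES (sizeof classes / sizeof classes[0])

/* Decode one message header; returns 0 on success, -1 if rejected. */
int decode_msg(unsigned type_id, uint8_t flags, void **out)
{
    *out = NULL;
    if (type_id >= N_CLASSES)
        return -1;
    const msg_class_t *cls = &classes[type_id];

    /* The flag is attacker-controlled input: honour it only when the class
     * declares support and its allocation can hold the shared header. */
    if ((flags & FLAG_SHAREABLE) &&
        (!cls->can_share || cls->native_size < sizeof(shared_hdr_t)))
        return -1;

    void *native = calloc(1, cls->native_size);
    if (native == NULL)
        return -1;
    if (flags & FLAG_SHAREABLE) {
        shared_hdr_t *sh = native; /* cast is in bounds: validated above */
        sh->share_type = 1;
    }
    *out = native;
    return 0;
}

int main(void)
{
    void *m;
    printf("type 1 + shareable flag -> %d\n", decode_msg(1, FLAG_SHAREABLE, &m));
    return 0;
}
```

Without the combined flag and class check, the cast in the last branch would write a 16-byte header into the 1-byte allocation for type 1, which is the out-of-bounds heap write the report describes.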