{"id":"CVE-2016-4331","details":"When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution.","modified":"2026-07-08T12:44:24.093554Z","published":"2016-11-18T20:59:02.240Z","related":["openSUSE-SU-2018:1051-1","openSUSE-SU-2018:1056-1"],"references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/94411"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3727"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201701-13"},{"type":"EVIDENCE","url":"http://www.talosintelligence.com/reports/TALOS-2016-0177/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/hdfgroup/hdf5","events":[{"introduced":"28cd632b8d7a280b44cc4d2e18a01a0319d0275d"},{"last_affected":"28cd632b8d7a280b44cc4d2e18a01a0319d0275d"}],"database_specific":{"source":"CPE_STRING","cpe":"cpe:2.3:a:hdfgroup:hdf5:1.8.16:*:*:*:*:*:*:*","extracted_events":[{"introduced":"1.8.16"},{"last_affected":"1.8.16"}]}}],"versions":["1.8.16","hdf5-1_8_16"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-4331.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}]}