Hi,

Apparently a number of security relevant problems have been found in the
HDF5 library and have been publicised a couple of weeks ago:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4330
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4331
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4332
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4333


I understand there is some risk opening untrusted HDF5 files with an
unfixed library. Some linux distributions have pushed out patched versions
(for example Debian), but I’m not sure there is a source release available
(or a binary build for that matter) from the HDF group. At least I could
not see any announcement in this mailing list or on their web page.

Best wishes,
Tobias


_______________________________________________
Hdf-forum is for HDF software users discussion.
Hdf-forum@lists.hdfgroup.org
http://lists.hdfgroup.org/mailman/listinfo/hdf-forum_lists.hdfgroup.org
Twitter: https://twitter.com/hdf5

Reply via email to