Hi, Apparently a number of security relevant problems have been found in the HDF5 library and have been publicised a couple of weeks ago:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4330 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4331 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4332 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4333 I understand there is some risk opening untrusted HDF5 files with an unfixed library. Some linux distributions have pushed out patched versions (for example Debian), but I’m not sure there is a source release available (or a binary build for that matter) from the HDF group. At least I could not see any announcement in this mailing list or on their web page. Best wishes, Tobias _______________________________________________ Hdf-forum is for HDF software users discussion. [email protected] http://lists.hdfgroup.org/mailman/listinfo/hdf-forum_lists.hdfgroup.org Twitter: https://twitter.com/hdf5
