According to the RedHat summary: The vulnerability exists due to the library’s failure to check if certain message types support a particular flag. When this flag is set, the library will cast the structure to an alternative structure and then assign to fields that aren’t supported by the message type. Due to the message type not being able to support this flag, the library will write outside the bounds of the heap buffer. This can lead to code execution under the context of the library. Upstream fix: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/e1d50d498a0affbbd6e088b524fd495ea95dea88 Reproducible: Always
CVE-2016-4332 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4332): The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library will write outside the bounds of the heap buffer. This can lead to code execution under the context of the library.
This issue was resolved and addressed in GLSA 201701-13 at https://security.gentoo.org/glsa/201701-13 by GLSA coordinator Thomas Deutschmann (whissi).