CVE-2025-2309

Medium CVSS: 4.8

A vulnerability has been found in HDF5 1.14.6 and classified as critical. This vulnerability affects the function H5T__bit_copy of the component Type Conversion Logic. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor plans to fix this issue in an upcoming release.

Vendor

Hdfgroup

Product

Hdf5

CWE

CWE-119

Yayın Tarihi

2025-03-14 21:15:37

Güncelleme

2025-05-28 18:13:22

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-119 Hdf5 MEDIUM Hdfgroup 2025

Referanslar

https://github.com/madao123123/crash_report/blob/main/hdf5_poc/hdf5_poc3.md https://vuldb.com/?ctiid.299722 https://vuldb.com/?id.299722 https://vuldb.com/?submit.514532

Benzer Kayıtlar

High

CVE-2026-26200

HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an `h5` file parsed by HDF5 c…

Medium

CVE-2025-7068

A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5F…

Medium

CVE-2025-7069

A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FS__sect_link…

Medium

CVE-2025-7067

A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5FS__sinfo_…

Medium

CVE-2025-6858

A vulnerability was found in HDF5 1.14.6 and classified as problematic. Affected by this issue is the function H5C__flus…

Medium

CVE-2025-6857

A vulnerability has been found in HDF5 1.14.6 and classified as problematic. Affected by this vulnerability is the funct…