CVE-2025-2309

Name of the Vulnerable Software and Affected Versions HDF5 version 1.14.6

Description A vulnerability has been found in HDF5 and classified as critical. This issue affects the function H5T bit copy of the component Type Conversion Logic. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about a batch of vulnerabilities, but their response was to reject without further explanation.

Recommendations As a temporary workaround, consider disabling the H5T bit copy function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.