PT-2025-11306 · Hdf5+1 · Hdf5+1

Zhang Yaoliang · Published 2025-03-14 · Updated 2026-01-16 · CVE-2025-2310

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

HDF5 version 1.14.6

Description

A critical issue affects the function H5MM_strndup of the component Metadata Attribute Decoder, leading to a heap-based buffer overflow. Exploitation requires local access. The exploit has been publicly disclosed and may be used. The vendor plans to fix this issue in an upcoming release.

Recommendations

For HDF5 version 1.14.6, as a temporary workaround, consider disabling the H5MM_strndup function until a patch is available.

Exploit

Fix

Buffer Overflow

Heap Based Buffer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

AZL-58806
AZL-58825
CVE-2025-2310
ECHO-CCD1-8584-5447
OESA-2026-1131
OESA-2026-1132
OESA-2026-1133
OESA-2026-1134
OESA-2026-1135
RHSA-2025:23731

Affected Products

Debian
Hdf5