CVE-2025-2912

CVSS v3.1

5.3

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions HDF5 versions up to 1.14.6

Description A heap-based buffer overflow issue has been identified, affecting the H5O msg flush function in the file src/H5Omessage.c. The manipulation of the oh argument leads to this issue. The attack requires local access.

Recommendations For HDF5 versions up to 1.14.6, consider restricting access to the H5O msg flush function until a patch is available. As a temporary workaround, avoid using the oh argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Heap Based Buffer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-122CWE-787

Related Identifiers

CVE-2025-2912

ECHO-DFC4-87E9-66A2

OESA-2026-1131

OESA-2026-1132

OESA-2026-1133

OESA-2026-1134

OESA-2026-1135

Affected Products

Debian

Hdf5

CVE-2025-2912

Weakness Enumeration

Related Identifiers

Affected Products

References · 46