PT-2025-13549 · Hdf5+1 · Hdf5+1
Chen Lihai
·
Published
2025-03-28
·
Updated
2026-03-29
·
CVE-2025-2913
CVSS v3.1
5.3
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
HDF5 versions up to 1.14.6
Description
A issue was found in the function
H5FL blk gc list of the file src/H5FL.c. The manipulation of the argument H5FL blk head t leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.Recommendations
For HDF5 versions up to 1.14.6, as a temporary workaround, consider disabling the function
H5FL blk gc list until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Buffer Overflow
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Debian
Hdf5