PT-2025-13550 · Hdf5+1

Chen Lihai · Published 2025-03-28 · Updated 2026-01-16 · CVE-2025-2914

CVSS v3.1: 3.3 (Low)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

HDF5 versions up to 1.14.6

Description

A vulnerability classified as problematic has been found in HDF5, affecting the function H5FS__sinfo_serialize_sect_cb in the file src/H5FScache.c. Manipulation of the argument sect leads to a heap-based buffer overflow. Local access is required to carry out this attack. The exploit has been disclosed to the public and may be used.

Recommendations

For HDF5 versions up to 1.14.6, as a temporary workaround, consider disabling the H5FS__sinfo_serialize_sect_cb function until a patch is available. Restrict access to the src/H5FScache.c file to minimize the risk of exploitation. Avoid using the argument sect in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Heap Based Buffer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

AZL-59361
AZL-59391
CVE-2025-2914
ECHO-850F-6B2E-ED4B
OESA-2026-1005
OESA-2026-1006
OESA-2026-1007
OESA-2026-1131
OESA-2026-1132
OESA-2026-1133

Affected Products

Debian
Hdf5