AZL-58810

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-58810.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-58810

Upstream

CVE-2025-2308

Published

2025-03-14T21:15:37Z

Modified

2026-04-21T04:37:08.497184Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

CVE-2025-2308 affecting package hdf5 1.14.6-1

Details

A vulnerability, which was classified as critical, was found in HDF5 1.14.6. This affects the function H5Z_scaleoffsetdecompressonebyte of the component Scale-Offset Filter. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor plans to fix this issue in an upcoming release.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-2308

Affected packages

Azure Linux:3 / hdf5

Package

Name: hdf5
Purl: pkg:rpm/azure-linux/hdf5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

1.14.6-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-58810.json"