CVE-2025-2309

Source
https://cve.org/CVERecord?id=CVE-2025-2309
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-2309.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-2309
Downstream
Published
2025-03-14T21:00:07.781Z
Modified
2026-07-08T08:11:59.626316471Z
Severity
  • 4.8 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N CVSS Calculator
Summary
HDF5 Type Conversion Logic H5T__bit_copy heap-based overflow
Details

A vulnerability has been found in HDF5 1.14.6 and classified as critical. This vulnerability affects the function H5T_bitcopy of the component Type Conversion Logic. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor plans to fix this issue in an upcoming release.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/2xxx/CVE-2025-2309.json",
    "cna_assigner": "VulDB",
    "cwe_ids": [
        "CWE-119",
        "CWE-122"
    ],
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "1.14.6"
                },
                {
                    "last_affected": "1.14.6"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ]
}
References

Affected packages

Git / github.com/hdfgroup/hdf5

Affected ranges

Type
GIT
Repo
https://github.com/hdfgroup/hdf5
Events
Database specific
{
    "cpe": "cpe:2.3:a:hdfgroup:hdf5:1.14.6:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "1.14.6"
        },
        {
            "last_affected": "1.14.6"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

1.*
1.14.6
hdf5-1.*
hdf5-1.14.6
hdf5_1.*
hdf5_1.14.6

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-2309.json"