CVE-2025-2913

Source
https://cve.org/CVERecord?id=CVE-2025-2913
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-2913.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-2913
Downstream
Published
2025-03-28T16:31:04.298Z
Modified
2026-07-08T07:59:30.054410378Z
Severity
  • 1.9 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
HDF5 H5FL.c H5FL__blk_gc_list use after free
Details

A vulnerability was found in HDF5 up to 1.14.6. It has been rated as critical. Affected by this issue is the function H5FL_blkgclist of the file src/H5FL.c. The manipulation of the argument H5FLblkheadt leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/2xxx/CVE-2025-2913.json",
    "cna_assigner": "VulDB",
    "cwe_ids": [
        "CWE-119",
        "CWE-416"
    ]
}
References

Affected packages

Git / github.com/hdfgroup/hdf5

Affected ranges

Type
GIT
Repo
https://github.com/hdfgroup/hdf5
Events
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ],
    "cpe": "cpe:2.3:a:hdfgroup:hdf5:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "1.14.0"
        },
        {
            "last_affected": "1.14.0"
        },
        {
            "introduced": "1.14.1"
        },
        {
            "last_affected": "1.14.1"
        },
        {
            "introduced": "1.14.2"
        },
        {
            "last_affected": "1.14.2"
        },
        {
            "introduced": "1.14.3"
        },
        {
            "last_affected": "1.14.3"
        },
        {
            "introduced": "1.14.4"
        },
        {
            "last_affected": "1.14.4"
        },
        {
            "introduced": "1.14.5"
        },
        {
            "last_affected": "1.14.5"
        },
        {
            "introduced": "1.14.6"
        },
        {
            "last_affected": "1.14.6"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "2.0.0"
        }
    ]
}

Affected versions

1.*
1.14.0
1.14.1
1.14.2
1.14.3
1.14.4
1.14.5
1.14.6

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-2913.json"