A vulnerability was found in HDF5 up to 1.14.6. It has been rated as critical. Affected by this issue is the function H5FL_blkgclist of the file src/H5FL.c. The manipulation of the argument H5FLblkheadt leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/2xxx/CVE-2025-2913.json",
"cna_assigner": "VulDB",
"cwe_ids": [
"CWE-119",
"CWE-416"
]
}{
"source": [
"AFFECTED_FIELD",
"CPE_RANGE"
],
"cpe": "cpe:2.3:a:hdfgroup:hdf5:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "1.14.0"
},
{
"last_affected": "1.14.0"
},
{
"introduced": "1.14.1"
},
{
"last_affected": "1.14.1"
},
{
"introduced": "1.14.2"
},
{
"last_affected": "1.14.2"
},
{
"introduced": "1.14.3"
},
{
"last_affected": "1.14.3"
},
{
"introduced": "1.14.4"
},
{
"last_affected": "1.14.4"
},
{
"introduced": "1.14.5"
},
{
"last_affected": "1.14.5"
},
{
"introduced": "1.14.6"
},
{
"last_affected": "1.14.6"
},
{
"introduced": "0"
},
{
"fixed": "2.0.0"
}
]
}