CVE-2025-2924

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-2924
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-2924.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-2924
Downstream
Published
2025-03-28T20:15:26.147Z
Modified
2026-04-02T12:46:24.664560Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability, which was classified as problematic, was found in HDF5 up to 1.14.6. This affects the function H5HL__fldeserialize of the file src/H5HLcache.c. The manipulation of the argument freeblock leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

References

Affected packages

Git / github.com/hdfgroup/hdf5

Affected ranges

Type
GIT
Repo
https://github.com/hdfgroup/hdf5
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7bf340440909d468dbb3cf41f0ea0d87f5050cea
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.14.6"
        }
    ]
}

Affected versions

1.*
1.14.1
2.*
2.0.0
2.1.0
2.1.0-pre1test
2.1.1
Other
Base_1_10_4
CCP_proto1
DECTRIS_20131231
DLS_20130630
DLS_20131204
DLS_20140316
before_removing_docs
before_removing_fphdf5
before_removing_mpiposix_vfd
before_removing_tbbt_code
before_signed_unsigned_changes
final_autotools_develop
hdf5-1_0_0
hdf5-1_0_0-alpha1
hdf5-1_0_0-alpha2
hdf5-1_0_1
hdf5-1_10_0
hdf5-1_10_0-alpha0
hdf5-1_10_0-alpha1
hdf5-1_10_0-patch1
hdf5-1_10_1
hdf5-1_10_10
hdf5-1_10_11
hdf5-1_10_2
hdf5-1_10_3
hdf5-1_10_4
hdf5-1_10_5
hdf5-1_10_6
hdf5-1_10_7
hdf5-1_10_8
hdf5-1_10_9
hdf5-1_12_0
hdf5-1_12_0-alpha0
hdf5-1_12_0-alpha1
hdf5-1_12_0-initial
hdf5-1_12_1
hdf5-1_12_2
hdf5-1_12_2-3-rc1
hdf5-1_12_3
hdf5-1_13_0
hdf5-1_13_0-rc1
hdf5-1_13_0-rc2
hdf5-1_13_0-rc3
hdf5-1_13_0-rc4
hdf5-1_13_0-rc5
hdf5-1_13_0-rc6
hdf5-1_13_1
hdf5-1_13_2
hdf5-1_13_3
hdf5-1_14_0
hdf5-1_14_1
hdf5-1_14_1-2
hdf5-1_14_2
hdf5-1_14_3
hdf5-1_14_3-rc1
hdf5-1_2_0
hdf5-1_2_0-beta1-update2
hdf5-1_2_0beta
hdf5-1_2_1
hdf5-1_2_2
hdf5-1_3_0
hdf5-1_3_1
hdf5-1_4_0
hdf5-1_4_1
hdf5-1_4_2
hdf5-1_4_3
hdf5-1_4_4
hdf5-1_4_5
hdf5-1_6_0
hdf5-1_6_1
hdf5-1_6_10
hdf5-1_6_2
hdf5-1_6_3
hdf5-1_6_4
hdf5-1_6_5
hdf5-1_6_6
hdf5-1_6_7
hdf5-1_6_8
hdf5-1_6_9
hdf5-1_8_0
hdf5-1_8_0-alpha0
hdf5-1_8_0-alpha1
hdf5-1_8_0-alpha2
hdf5-1_8_0-alpha3
hdf5-1_8_0-alpha4
hdf5-1_8_0-beta1
hdf5-1_8_0-beta2
hdf5-1_8_0-beta3
hdf5-1_8_0-beta4
hdf5-1_8_0-beta5
hdf5-1_8_1
hdf5-1_8_10
hdf5-1_8_10-patch1
hdf5-1_8_11
hdf5-1_8_12
hdf5-1_8_12-cmake_install_fix
hdf5-1_8_13
hdf5-1_8_14
hdf5-1_8_15
hdf5-1_8_15-patch1
hdf5-1_8_16
hdf5-1_8_17
hdf5-1_8_18
hdf5-1_8_19
hdf5-1_8_2
hdf5-1_8_20
hdf5-1_8_21
hdf5-1_8_22
hdf5-1_8_23
hdf5-1_8_3
hdf5-1_8_3-patched
hdf5-1_8_4
hdf5-1_8_4-VMS
hdf5-1_8_4-patch1
hdf5-1_8_5
hdf5-1_8_5-patch1
hdf5-1_8_6
hdf5-1_8_7
hdf5-1_8_8
hdf5-1_8_9
hdf5-1_9-start
hdf5-1_9_222-swmr0
hdf5_1_10_9-base
hdf5_1_12-initial
hdf5_1_8_15_precodefreeze_final_commit
hdf5_ff_v1
hdff5-1_14-_0
hdff5-1_14_0
proto1
r1_1beta1
snapshot
vfd_swmr_alpha_1
vfd_swmr_alpha_2
vfd_swmr_beta_1
vms_last_support_1_8
vms_last_support_trunk
hdf5-1.*
hdf5-1.12.1-rc1
hdf5-1.14.5
hdf5-1.14.6
hdf5_1.*
hdf5_1.14.4
hdf5_1.14.4.1
hdf5_1.14.4.2
hdf5_1.14.4.3
hdf5_1.14.5
hdf5_1.14.6
hdf5_2.*
hdf5_2.0.0
hdf5_2.1.0
snapshot-1.*
snapshot-1.10
snapshot-1.12
snapshot-1.14
snapshot-1.16
test-2.*
test-2.0.1-pre1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-2924.json"