JLSEC-2026-327

See a problem?
Please try reporting it to the source first.

Source

https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-327.md

Import Source

https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-327.json

JSON Data

https://api.osv.dev/v1/vulns/JLSEC-2026-327

Upstream

CVE-2025-2309

Published

2026-04-29T13:21:01.555Z

Modified

2026-04-29T13:32:10.102949Z

Summary

[none]

Details

A vulnerability has been found in HDF5 1.14.6 and classified as critical. This vulnerability affects the function H5T_bitcopy of the component Type Conversion Logic. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor plans to fix this issue in an upcoming release.

Database specific

{
    "license": "CC-BY-4.0",
    "sources": [
        {
            "database_specific": {
                "status": "Analyzed"
            },
            "modified": "2025-05-28T18:13:22.980Z",
            "id": "CVE-2025-2309",
            "published": "2025-03-14T21:15:37.260Z",
            "imported": "2026-04-29T08:59:43.459Z",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2309",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-2309"
        }
    ]
}

References

Affected packages

Julia / HDF5_jll

Package

Name: HDF5_jll
Purl: pkg:julia/HDF5_jll?uuid=0234f1f7-429e-5d53-9886-15a909be8d59

Affected ranges

Type: SEMVER
Events: Introduced

1.14.5+0

Fixed

2.0.0+0

Database specific

source

"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-327.json"