JLSEC-2026-335

See a problem?
Please try reporting it to the source first.

Source

https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-335.md

Import Source

https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-335.json

JSON Data

https://api.osv.dev/v1/vulns/JLSEC-2026-335

Upstream

CVE-2025-2925

Published

2026-04-29T13:21:01.555Z

Modified

2026-04-29T13:32:29.142212Z

Summary

[none]

Details

A vulnerability has been found in HDF5 up to 1.14.6 and classified as problematic. This vulnerability affects the function H5MM_realloc of the file src/H5MM.c. The manipulation of the argument mem leads to double free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

Database specific

{
    "sources": [
        {
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2925",
            "database_specific": {
                "status": "Modified"
            },
            "id": "CVE-2025-2925",
            "imported": "2026-04-29T08:59:44.263Z",
            "modified": "2026-04-29T01:00:01.613Z",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-2925",
            "published": "2025-03-28T20:15:26.440Z"
        }
    ],
    "license": "CC-BY-4.0"
}

References

Affected packages

Julia / HDF5_jll

Package

Name: HDF5_jll
Purl: pkg:julia/HDF5_jll?uuid=0234f1f7-429e-5d53-9886-15a909be8d59

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.0+0

Database specific

source

"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-335.json"