UBUNTU-CVE-2025-2308
- Source
- https://ubuntu.com/security/CVE-2025-2308
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-2308.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-2308
- Upstream
- Published
- 2025-03-14T21:15:00Z
- Modified
- 2026-04-27T18:51:50.120443Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- 4.8 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
A vulnerability, which was classified as critical, was found in HDF5 1.14.6. This affects the function H5Z_scaleoffsetdecompressonebyte of the component Scale-Offset Filter. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor plans to fix this issue in an upcoming release.
- References
-
- https://ubuntu.com/security/CVE-2025-2308
- https://www.cve.org/CVERecord?id=CVE-2025-2308
- https://github.com/madao123123/crash_report/blob/main/hdf5_poc/hdf5_poc2.md
- https://github.com/HDFGroup/hdf5/pull/5960/changes
- https://vuldb.com/?ctiid.299721
- https://vuldb.com/?id.299721
- https://vuldb.com/?submit.514531
Affected packages
Ubuntu:22.04:LTS
hdf5
Package
- Name
- hdf5
- Purl
- pkg:deb/ubuntu/hdf5@1.10.7+repack-4ubuntu2?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "hdf5-helpers",
"binary_version": "1.10.7+repack-4ubuntu2"
},
{
"binary_name": "hdf5-tools",
"binary_version": "1.10.7+repack-4ubuntu2"
},
{
"binary_name": "libhdf5-103",
"binary_version": "1.10.7+repack-4ubuntu2"
},
{
"binary_name": "libhdf5-103-1",
"binary_version": "1.10.7+repack-4ubuntu2"
},
{
"binary_name": "libhdf5-cpp-103",
"binary_version": "1.10.7+repack-4ubuntu2"
},
{
"binary_name": "libhdf5-cpp-103-1",
"binary_version": "1.10.7+repack-4ubuntu2"
},
{
"binary_name": "libhdf5-fortran-102",
"binary_version": "1.10.7+repack-4ubuntu2"
},
{
"binary_name": "libhdf5-hl-100",
"binary_version": "1.10.7+repack-4ubuntu2"
},
{
"binary_name": "libhdf5-hl-cpp-100",
"binary_version": "1.10.7+repack-4ubuntu2"
},
{
"binary_name": "libhdf5-hl-fortran-100",
"binary_version": "1.10.7+repack-4ubuntu2"
},
{
"binary_name": "libhdf5-java",
"binary_version": "1.10.7+repack-4ubuntu2"
},
{
"binary_name": "libhdf5-jni",
"binary_version": "1.10.7+repack-4ubuntu2"
},
{
"binary_name": "libhdf5-mpich-103",
"binary_version": "1.10.7+repack-4ubuntu2"
},
{
"binary_name": "libhdf5-mpich-103-1",
"binary_version": "1.10.7+repack-4ubuntu2"
},
{
"binary_name": "libhdf5-mpich-cpp-103-1",
"binary_version": "1.10.7+repack-4ubuntu2"
},
{
"binary_name": "libhdf5-mpich-fortran-102",
"binary_version": "1.10.7+repack-4ubuntu2"
},
{
"binary_name": "libhdf5-mpich-hl-100",
"binary_version": "1.10.7+repack-4ubuntu2"
},
{
"binary_name": "libhdf5-mpich-hl-cpp-100",
"binary_version": "1.10.7+repack-4ubuntu2"
},
{
"binary_name": "libhdf5-mpich-hl-fortran-100",
"binary_version": "1.10.7+repack-4ubuntu2"
},
{
"binary_name": "libhdf5-openmpi-103",
"binary_version": "1.10.7+repack-4ubuntu2"
},
{
"binary_name": "libhdf5-openmpi-103-1",
"binary_version": "1.10.7+repack-4ubuntu2"
},
{
"binary_name": "libhdf5-openmpi-cpp-103-1",
"binary_version": "1.10.7+repack-4ubuntu2"
},
{
"binary_name": "libhdf5-openmpi-fortran-102",
"binary_version": "1.10.7+repack-4ubuntu2"
},
{
"binary_name": "libhdf5-openmpi-hl-100",
"binary_version": "1.10.7+repack-4ubuntu2"
},
{
"binary_name": "libhdf5-openmpi-hl-cpp-100",
"binary_version": "1.10.7+repack-4ubuntu2"
},
{
"binary_name": "libhdf5-openmpi-hl-fortran-100",
"binary_version": "1.10.7+repack-4ubuntu2"
}
]
}Ubuntu:24.04:LTS
hdf5
Package
- Name
- hdf5
- Purl
- pkg:deb/ubuntu/hdf5@1.10.10+repack-3.1ubuntu4?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.10.8+repack1-1ubuntu1
1.10.10+repack-3ubuntu1
1.10.10+repack-3.1ubuntu3
1.10.10+repack-3.1ubuntu4
Ecosystem specific
{
"binaries": [
{
"binary_name": "hdf5-helpers",
"binary_version": "1.10.10+repack-3.1ubuntu4"
},
{
"binary_name": "hdf5-tools",
"binary_version": "1.10.10+repack-3.1ubuntu4"
},
{
"binary_name": "libhdf5-103-1t64",
"binary_version": "1.10.10+repack-3.1ubuntu4"
},
{
"binary_name": "libhdf5-cpp-103-1t64",
"binary_version": "1.10.10+repack-3.1ubuntu4"
},
{
"binary_name": "libhdf5-fortran-102t64",
"binary_version": "1.10.10+repack-3.1ubuntu4"
},
{
"binary_name": "libhdf5-hl-100t64",
"binary_version": "1.10.10+repack-3.1ubuntu4"
},
{
"binary_name": "libhdf5-hl-cpp-100t64",
"binary_version": "1.10.10+repack-3.1ubuntu4"
},
{
"binary_name": "libhdf5-hl-fortran-100t64",
"binary_version": "1.10.10+repack-3.1ubuntu4"
},
{
"binary_name": "libhdf5-java",
"binary_version": "1.10.10+repack-3.1ubuntu4"
},
{
"binary_name": "libhdf5-jni",
"binary_version": "1.10.10+repack-3.1ubuntu4"
},
{
"binary_name": "libhdf5-mpich-103-1t64",
"binary_version": "1.10.10+repack-3.1ubuntu4"
},
{
"binary_name": "libhdf5-mpich-cpp-103-1t64",
"binary_version": "1.10.10+repack-3.1ubuntu4"
},
{
"binary_name": "libhdf5-mpich-fortran-102t64",
"binary_version": "1.10.10+repack-3.1ubuntu4"
},
{
"binary_name": "libhdf5-mpich-hl-100t64",
"binary_version": "1.10.10+repack-3.1ubuntu4"
},
{
"binary_name": "libhdf5-mpich-hl-cpp-100t64",
"binary_version": "1.10.10+repack-3.1ubuntu4"
},
{
"binary_name": "libhdf5-mpich-hl-fortran-100t64",
"binary_version": "1.10.10+repack-3.1ubuntu4"
},
{
"binary_name": "libhdf5-openmpi-103-1t64",
"binary_version": "1.10.10+repack-3.1ubuntu4"
},
{
"binary_name": "libhdf5-openmpi-cpp-103-1t64",
"binary_version": "1.10.10+repack-3.1ubuntu4"
},
{
"binary_name": "libhdf5-openmpi-fortran-102t64",
"binary_version": "1.10.10+repack-3.1ubuntu4"
},
{
"binary_name": "libhdf5-openmpi-hl-100t64",
"binary_version": "1.10.10+repack-3.1ubuntu4"
},
{
"binary_name": "libhdf5-openmpi-hl-cpp-100t64",
"binary_version": "1.10.10+repack-3.1ubuntu4"
},
{
"binary_name": "libhdf5-openmpi-hl-fortran-100t64",
"binary_version": "1.10.10+repack-3.1ubuntu4"
}
]
}Ubuntu:25.10
hdf5
Package
- Name
- hdf5
- Purl
- pkg:deb/ubuntu/hdf5@1.14.5+repack-3build1?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "hdf5-helpers",
"binary_version": "1.14.5+repack-3build1"
},
{
"binary_name": "hdf5-tools",
"binary_version": "1.14.5+repack-3build1"
},
{
"binary_name": "libhdf5-310",
"binary_version": "1.14.5+repack-3build1"
},
{
"binary_name": "libhdf5-cpp-310",
"binary_version": "1.14.5+repack-3build1"
},
{
"binary_name": "libhdf5-fortran-310",
"binary_version": "1.14.5+repack-3build1"
},
{
"binary_name": "libhdf5-hl-310",
"binary_version": "1.14.5+repack-3build1"
},
{
"binary_name": "libhdf5-hl-cpp-310",
"binary_version": "1.14.5+repack-3build1"
},
{
"binary_name": "libhdf5-hl-fortran-310",
"binary_version": "1.14.5+repack-3build1"
},
{
"binary_name": "libhdf5-java",
"binary_version": "1.14.5+repack-3build1"
},
{
"binary_name": "libhdf5-jni",
"binary_version": "1.14.5+repack-3build1"
},
{
"binary_name": "libhdf5-mpich-310",
"binary_version": "1.14.5+repack-3build1"
},
{
"binary_name": "libhdf5-mpich-cpp-310",
"binary_version": "1.14.5+repack-3build1"
},
{
"binary_name": "libhdf5-mpich-fortran-310",
"binary_version": "1.14.5+repack-3build1"
},
{
"binary_name": "libhdf5-mpich-hl-310",
"binary_version": "1.14.5+repack-3build1"
},
{
"binary_name": "libhdf5-mpich-hl-cpp-310",
"binary_version": "1.14.5+repack-3build1"
},
{
"binary_name": "libhdf5-mpich-hl-fortran-310",
"binary_version": "1.14.5+repack-3build1"
},
{
"binary_name": "libhdf5-openmpi-310",
"binary_version": "1.14.5+repack-3build1"
},
{
"binary_name": "libhdf5-openmpi-cpp-310",
"binary_version": "1.14.5+repack-3build1"
},
{
"binary_name": "libhdf5-openmpi-fortran-310",
"binary_version": "1.14.5+repack-3build1"
},
{
"binary_name": "libhdf5-openmpi-hl-310",
"binary_version": "1.14.5+repack-3build1"
},
{
"binary_name": "libhdf5-openmpi-hl-cpp-310",
"binary_version": "1.14.5+repack-3build1"
},
{
"binary_name": "libhdf5-openmpi-hl-fortran-310",
"binary_version": "1.14.5+repack-3build1"
}
]
}Ubuntu:26.04
hdf5
Package
- Name
- hdf5
- Purl
- pkg:deb/ubuntu/hdf5@1.14.6+repack-2?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "hdf5-helpers",
"binary_version": "1.14.6+repack-2"
},
{
"binary_name": "hdf5-tools",
"binary_version": "1.14.6+repack-2"
},
{
"binary_name": "libhdf5-310",
"binary_version": "1.14.6+repack-2"
},
{
"binary_name": "libhdf5-cpp-310",
"binary_version": "1.14.6+repack-2"
},
{
"binary_name": "libhdf5-fortran-310",
"binary_version": "1.14.6+repack-2"
},
{
"binary_name": "libhdf5-hl-310",
"binary_version": "1.14.6+repack-2"
},
{
"binary_name": "libhdf5-hl-cpp-310",
"binary_version": "1.14.6+repack-2"
},
{
"binary_name": "libhdf5-hl-fortran-310",
"binary_version": "1.14.6+repack-2"
},
{
"binary_name": "libhdf5-java",
"binary_version": "1.14.6+repack-2"
},
{
"binary_name": "libhdf5-jni",
"binary_version": "1.14.6+repack-2"
},
{
"binary_name": "libhdf5-mpich-310",
"binary_version": "1.14.6+repack-2"
},
{
"binary_name": "libhdf5-mpich-cpp-310",
"binary_version": "1.14.6+repack-2"
},
{
"binary_name": "libhdf5-mpich-fortran-310",
"binary_version": "1.14.6+repack-2"
},
{
"binary_name": "libhdf5-mpich-hl-310",
"binary_version": "1.14.6+repack-2"
},
{
"binary_name": "libhdf5-mpich-hl-cpp-310",
"binary_version": "1.14.6+repack-2"
},
{
"binary_name": "libhdf5-mpich-hl-fortran-310",
"binary_version": "1.14.6+repack-2"
},
{
"binary_name": "libhdf5-openmpi-310",
"binary_version": "1.14.6+repack-2"
},
{
"binary_name": "libhdf5-openmpi-cpp-310",
"binary_version": "1.14.6+repack-2"
},
{
"binary_name": "libhdf5-openmpi-fortran-310",
"binary_version": "1.14.6+repack-2"
},
{
"binary_name": "libhdf5-openmpi-hl-310",
"binary_version": "1.14.6+repack-2"
},
{
"binary_name": "libhdf5-openmpi-hl-cpp-310",
"binary_version": "1.14.6+repack-2"
},
{
"binary_name": "libhdf5-openmpi-hl-fortran-310",
"binary_version": "1.14.6+repack-2"
}
]
}Ubuntu:Pro:14.04:LTS
hdf5
Package
- Name
- hdf5
- Purl
- pkg:deb/ubuntu/hdf5@1.8.11-5ubuntu7.1+esm2?arch=source&distro=esm-infra-legacy/trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.8.11-3ubuntu1
1.8.11-5ubuntu1
1.8.11-5ubuntu2
1.8.11-5ubuntu6
1.8.11-5ubuntu7
1.8.11-5ubuntu7.1
1.8.11-5ubuntu7.1+esm1
1.8.11-5ubuntu7.1+esm2
Ecosystem specific
{
"binaries": [
{
"binary_name": "hdf5-helpers",
"binary_version": "1.8.11-5ubuntu7.1+esm2"
},
{
"binary_name": "hdf5-tools",
"binary_version": "1.8.11-5ubuntu7.1+esm2"
},
{
"binary_name": "libhdf5-7",
"binary_version": "1.8.11-5ubuntu7.1+esm2"
},
{
"binary_name": "libhdf5-mpich2-7",
"binary_version": "1.8.11-5ubuntu7.1+esm2"
},
{
"binary_name": "libhdf5-openmpi-7",
"binary_version": "1.8.11-5ubuntu7.1+esm2"
}
]
}Ubuntu:Pro:16.04:LTS
hdf5
Package
- Name
- hdf5
- Purl
- pkg:deb/ubuntu/hdf5@1.8.16+docs-4ubuntu1.1+esm2?arch=source&distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.8.15-patch1+docs-4
1.8.15-patch1+docs-5
1.8.16+docs-1
1.8.16+docs-2
1.8.16+docs-3
1.8.16+docs-3ubuntu1
1.8.16+docs-4
1.8.16+docs-4ubuntu1
1.8.16+docs-4ubuntu1.1
1.8.16+docs-4ubuntu1.1+esm1
1.8.16+docs-4ubuntu1.1+esm2
Ecosystem specific
{
"binaries": [
{
"binary_name": "hdf5-helpers",
"binary_version": "1.8.16+docs-4ubuntu1.1+esm2"
},
{
"binary_name": "hdf5-tools",
"binary_version": "1.8.16+docs-4ubuntu1.1+esm2"
},
{
"binary_name": "libhdf5-10",
"binary_version": "1.8.16+docs-4ubuntu1.1+esm2"
},
{
"binary_name": "libhdf5-cpp-11",
"binary_version": "1.8.16+docs-4ubuntu1.1+esm2"
},
{
"binary_name": "libhdf5-mpich-10",
"binary_version": "1.8.16+docs-4ubuntu1.1+esm2"
},
{
"binary_name": "libhdf5-openmpi-10",
"binary_version": "1.8.16+docs-4ubuntu1.1+esm2"
}
]
}Ubuntu:Pro:18.04:LTS
hdf5
Package
- Name
- hdf5
- Purl
- pkg:deb/ubuntu/hdf5@1.10.0-patch1+docs-4ubuntu0.1~esm2?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.10.0-patch1+docs-4
1.10.0-patch1+docs-4ubuntu0.1~esm1
1.10.0-patch1+docs-4ubuntu0.1~esm2
Ecosystem specific
{
"binaries": [
{
"binary_name": "hdf5-helpers",
"binary_version": "1.10.0-patch1+docs-4ubuntu0.1~esm2"
},
{
"binary_name": "hdf5-tools",
"binary_version": "1.10.0-patch1+docs-4ubuntu0.1~esm2"
},
{
"binary_name": "libhdf5-100",
"binary_version": "1.10.0-patch1+docs-4ubuntu0.1~esm2"
},
{
"binary_name": "libhdf5-cpp-100",
"binary_version": "1.10.0-patch1+docs-4ubuntu0.1~esm2"
},
{
"binary_name": "libhdf5-java",
"binary_version": "1.10.0-patch1+docs-4ubuntu0.1~esm2"
},
{
"binary_name": "libhdf5-jni",
"binary_version": "1.10.0-patch1+docs-4ubuntu0.1~esm2"
},
{
"binary_name": "libhdf5-mpich-100",
"binary_version": "1.10.0-patch1+docs-4ubuntu0.1~esm2"
},
{
"binary_name": "libhdf5-openmpi-100",
"binary_version": "1.10.0-patch1+docs-4ubuntu0.1~esm2"
}
]
}Ubuntu:Pro:20.04:LTS
hdf5
Package
- Name
- hdf5
- Purl
- pkg:deb/ubuntu/hdf5@1.10.4+repack-11ubuntu1+esm1?arch=source&distro=esm-apps/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.10.4+repack-10
1.10.4+repack-11
1.10.4+repack-11ubuntu1
1.10.4+repack-11ubuntu1+esm1
Ecosystem specific
{
"binaries": [
{
"binary_name": "hdf5-helpers",
"binary_version": "1.10.4+repack-11ubuntu1+esm1"
},
{
"binary_name": "hdf5-tools",
"binary_version": "1.10.4+repack-11ubuntu1+esm1"
},
{
"binary_name": "libhdf5-103",
"binary_version": "1.10.4+repack-11ubuntu1+esm1"
},
{
"binary_name": "libhdf5-cpp-103",
"binary_version": "1.10.4+repack-11ubuntu1+esm1"
},
{
"binary_name": "libhdf5-java",
"binary_version": "1.10.4+repack-11ubuntu1+esm1"
},
{
"binary_name": "libhdf5-jni",
"binary_version": "1.10.4+repack-11ubuntu1+esm1"
},
{
"binary_name": "libhdf5-mpich-103",
"binary_version": "1.10.4+repack-11ubuntu1+esm1"
},
{
"binary_name": "libhdf5-openmpi-103",
"binary_version": "1.10.4+repack-11ubuntu1+esm1"
}
]
}