CVE-2025-2925Improper Restriction of Operations within the Bounds of a Memory Buffer in Hdf5

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-415Double Free6 documents6 sources
Severity
4.8MEDIUMNVD
EPSS
0.1%
top 75.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Hdfgroup Hdf5Debian Hdf5Msrc Azl3 Hdf5 1.14.4.3-1 ON Azure Linux 3.0+3 more
Timeline
PublishedMar 28

Description

A vulnerability has been found in HDF5 up to 1.14.6 and classified as problematic. This vulnerability affects the function H5MM_realloc of the file src/H5MM.c. The manipulation of the argument mem leads to double free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages7 packages

NVDhdfgroup/hdf51.14.6
debiandebian/hdf5
CVEListV5hdfgroup/hdf57 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-8j53-82pv-32wq: A vulnerability has been found in HDF5 up to 12025-03-28
OSV
CVE-2025-2925: A vulnerability has been found in HDF5 up to 12025-03-28

📋Vendor Advisories

3
Red Hat
hdf5: HDF5 H5MM.c H5MM_realloc double free2025-03-28
Microsoft
HDF5 H5MM.c H5MM_realloc double free2025-03-11
Debian
CVE-2025-2925: hdf5 - A vulnerability has been found in HDF5 up to 1.14.6 and classified as problemati...2025