Debian Hdf5 vulnerabilities

CVE-2025-7069 [MEDIUM] CVE-2025-7069: hdf5 - A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. ... A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FS__sect_link_size of the file src/H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Scope: local bookworm: open bullseye: open

CVE-2025-2926 [MEDIUM] CVE-2025-2926: hdf5 - A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. Th... A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5O__cache_chk_serialize of the file src/H5Ocache.c. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Scope: local bookworm: open bullseye: open forky: open

CVE-2025-2913 [MEDIUM] CVE-2025-2913: hdf5 - A vulnerability was found in HDF5 up to 1.14.6. It has been rated as critical. A... A vulnerability was found in HDF5 up to 1.14.6. It has been rated as critical. Affected by this issue is the function H5FL__blk_gc_list of the file src/H5FL.c. The manipulation of the argument H5FL_blk_head_t leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Scope: local bookworm: open bullsey

CVE-2025-6817 [MEDIUM] CVE-2025-6817: hdf5 - A vulnerability, which was classified as problematic, has been found in HDF5 1.1... A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5C__load_entry of the file /src/H5Centry.c. The manipulation leads to resource consumption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Scope: local bookworm: open bullseye: open forky: open s

CVE-2025-2924 [MEDIUM] CVE-2025-2924: hdf5 - A vulnerability, which was classified as problematic, was found in HDF5 up to 1.... A vulnerability, which was classified as problematic, was found in HDF5 up to 1.14.6. This affects the function H5HL__fl_deserialize of the file src/H5HLcache.c. The manipulation of the argument free_block leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Scope: loca

CVE-2025-2153 [LOW] CVE-2025-2153: hdf5 - A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Aff... A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SM_delete of the file H5SM.c of the component h5 File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has bee

CVE-2025-6816 [MEDIUM] CVE-2025-6816: hdf5 - A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnera... A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5O__fsinfo_encode of the file /src/H5Ofsinfo.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Scope: local bookworm: open bullseye: open

CVE-2025-2308 [MEDIUM] CVE-2025-2308: hdf5 - A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Thi... A vulnerability, which was classified as critical, was found in HDF5 1.14.6. This affects the function H5Z__scaleoffset_decompress_one_byte of the component Scale-Offset Filter. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor plans to fix this issue in

CVE-2024-32622 [CRITICAL] CVE-2024-32622: hdf5 - HDF5 Library through 1.14.3 contains a out-of-bounds read operation in H5FL_arr_... HDF5 Library through 1.14.3 contains a out-of-bounds read operation in H5FL_arr_malloc in H5FL.c (called from H5S_set_extent_simple in H5S.c). Scope: local bookworm: open bullseye: open forky: resolved (fixed in 1.14.5+repack-1) sid: resolved (fixed in 1.14.5+repack-1) trixie: resolved (fixed in 1.14.5+repack-1)

CVE-2024-32613 [HIGH] CVE-2024-32613: hdf5 - HDF5 Library through 1.14.3 contains a heap-based buffer over-read in the functi... HDF5 Library through 1.14.3 contains a heap-based buffer over-read in the function H5HL__fl_deserialize in H5HLcache.c, a different vulnerability than CVE-2024-32612. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 1.14.5+repack-1) sid: resolved (fixed in 1.14.5+repack-1) trixie: resolved (fixed in 1.14.5+repack-1)

CVE-2024-29161 [HIGH] CVE-2024-29161: hdf5 - HDF5 through 1.14.3 contains a heap buffer overflow in H5A__attr_release_table, ... HDF5 through 1.14.3 contains a heap buffer overflow in H5A__attr_release_table, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 1.14.5+repack-1) sid: resolved (fixed in 1.14.5+repack-1) trixie: resolved (fixed in 1.14.5+repack-1)

CVE-2024-29157 [CRITICAL] CVE-2024-29157: hdf5 - HDF5 through 1.14.3 contains a heap buffer overflow in H5HG_read, resulting in t... HDF5 through 1.14.3 contains a heap buffer overflow in H5HG_read, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 1.14.5+repack-1) sid: resolved (fixed in 1.14.5+repack-1) trixie: resolved (fixed in 1.14.5+repack-1)

CVE-2024-32618 [HIGH] CVE-2024-32618: hdf5 - HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__get_na... HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__get_native_type in H5Tnative.c, resulting in the corruption of the instruction pointer. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 1.14.5+repack-1) sid: resolved (fixed in 1.14.5+repack-1) trixie: resolved (fixed in 1.14.5+repack-1)

CVE-2024-29166 [MEDIUM] CVE-2024-29166: hdf5 - HDF5 through 1.14.3 contains a buffer overflow in H5O__linfo_decode, resulting i... HDF5 through 1.14.3 contains a buffer overflow in H5O__linfo_decode, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 1.14.5+repack-1) sid: resolved (fixed in 1.14.5+repack-1) trixie: resolved (fixed in 1.14.5+repack-1)

CVE-2024-32619 [HIGH] CVE-2024-32619: hdf5 - HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T_copy_re... HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T_copy_reopen in H5T.c, resulting in the corruption of the instruction pointer. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 1.14.5+repack-1) sid: resolved (fixed in 1.14.5+repack-1) trixie: resolved (fixed in 1.14.5+repack-1)

CVE-2024-32611 [CRITICAL] CVE-2024-32611: hdf5 - HDF5 Library through 1.14.3 may use an uninitialized value in H5A__attr_release_... HDF5 Library through 1.14.3 may use an uninitialized value in H5A__attr_release_table in H5Aint.c. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 1.14.5+repack-1) sid: resolved (fixed in 1.14.5+repack-1) trixie: resolved (fixed in 1.14.5+repack-1)

CVE-2024-29158 [HIGH] CVE-2024-29158: hdf5 - HDF5 through 1.14.3 contains a stack buffer overflow in H5FL_arr_malloc, resulti... HDF5 through 1.14.3 contains a stack buffer overflow in H5FL_arr_malloc, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 1.14.5+repack-1) sid: resolved (fixed in 1.14.5+repack-1) trixie: resolved (fixed in 1.14.5+repack-1)

CVE-2024-29159 [CRITICAL] CVE-2024-29159: hdf5 - HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_scaleoffset, resul... HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_scaleoffset, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 1.14.5+repack-1) sid: resolved (fixed in 1.14.5+repack-1) trixie: resolved (fixed in 1.14.5+repack-1)

CVE-2024-32616 [HIGH] CVE-2024-32616: hdf5 - HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5O__dtype... HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5O__dtype_encode_helper in H5Odtype.c. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 1.14.5+repack-1) sid: resolved (fixed in 1.14.5+repack-1) trixie: resolved (fixed in 1.14.5+repack-1)

CVE-2024-32609 [HIGH] CVE-2024-32609: hdf5 - HDF5 Library through 1.14.3 allows stack consumption in the function H5E_printf_... HDF5 Library through 1.14.3 allows stack consumption in the function H5E_printf_stack in H5Eint.c. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 1.14.5+repack-1) sid: resolved (fixed in 1.14.5+repack-1) trixie: resolved (fixed in 1.14.5+repack-1)