Hdfgroup Hdf5 vulnerabilities

CVE-2025-2924 [MEDIUM] CWE-119 CVE-2025-2924: A vulnerability, which was classified as problematic, was found in HDF5 up to 1.14.6. This affects t A vulnerability, which was classified as problematic, was found in HDF5 up to 1.14.6. This affects the function H5HL__fl_deserialize of the file src/H5HLcache.c. The manipulation of the argument free_block leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be

CVE-2025-2925 [MEDIUM] CWE-119 CVE-2025-2925: A vulnerability has been found in HDF5 up to 1.14.6 and classified as problematic. This vulnerabilit A vulnerability has been found in HDF5 up to 1.14.6 and classified as problematic. This vulnerability affects the function H5MM_realloc of the file src/H5MM.c. The manipulation of the argument mem leads to double free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

CVE-2025-2914 [MEDIUM] CWE-119 CVE-2025-2914: A vulnerability classified as problematic has been found in HDF5 up to 1.14.6. This affects the func A vulnerability classified as problematic has been found in HDF5 up to 1.14.6. This affects the function H5FS__sinfo_Srialize_Sct_cb of the file src/H5FScache.c. The manipulation of the argument sect leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

CVE-2025-2915 [MEDIUM] CWE-119 CVE-2025-2915: A vulnerability classified as problematic was found in HDF5 up to 1.14.6. This vulnerability affects A vulnerability classified as problematic was found in HDF5 up to 1.14.6. This vulnerability affects the function H5F__accum_free of the file src/H5Faccum.c. The manipulation of the argument overlap_size leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

CVE-2025-2926 [MEDIUM] CWE-404 CVE-2025-2926: A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5O__cache_chk_serialize of the file src/H5Ocache.c. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

CVE-2025-2913 [MEDIUM] CWE-119 CVE-2025-2913: A vulnerability was found in HDF5 up to 1.14.6. It has been rated as critical. Affected by this issu A vulnerability was found in HDF5 up to 1.14.6. It has been rated as critical. Affected by this issue is the function H5FL__blk_gc_list of the file src/H5FL.c. The manipulation of the argument H5FL_blk_head_t leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

CVE-2025-2308 [MEDIUM] CWE-119 CVE-2025-2308: A vulnerability, which was classified as critical, was found in HDF5 1.14.6. This affects the functi A vulnerability, which was classified as critical, was found in HDF5 1.14.6. This affects the function H5Z__scaleoffset_decompress_one_byte of the component Scale-Offset Filter. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor plans to

CVE-2025-2310 [MEDIUM] CWE-119 CVE-2025-2310: A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MM_strndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor plans to fix this issue in an u

CVE-2025-2309 [MEDIUM] CWE-119 CVE-2025-2309: A vulnerability has been found in HDF5 1.14.6 and classified as critical. This vulnerability affects A vulnerability has been found in HDF5 1.14.6 and classified as critical. This vulnerability affects the function H5T__bit_copy of the component Type Conversion Logic. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor plans to

CVE-2025-2153 [LOW] CWE-119 CVE-2025-2153: A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the functio A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SM_delete of the file H5SM.c of the component h5 File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. T

CVE-2024-32608 [CRITICAL] CWE-787 CVE-2024-32608: HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the i HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.

CVE-2024-32622 [CRITICAL] CWE-125 CVE-2024-32622: HDF5 Library through 1.14.3 contains a out-of-bounds read operation in H5FL_arr_malloc in H5FL.c (ca HDF5 Library through 1.14.3 contains a out-of-bounds read operation in H5FL_arr_malloc in H5FL.c (called from H5S_set_extent_simple in H5S.c).

CVE-2024-33874 [CRITICAL] CWE-120 CVE-2024-33874: HDF5 Library through 1.14.3 has a heap buffer overflow in H5O__mtime_new_encode in H5Omtime.c. HDF5 Library through 1.14.3 has a heap buffer overflow in H5O__mtime_new_encode in H5Omtime.c.

CVE-2024-32611 [CRITICAL] CWE-908 CVE-2024-32611: HDF5 Library through 1.14.3 may use an uninitialized value in H5A__attr_release_table in H5Aint.c. HDF5 Library through 1.14.3 may use an uninitialized value in H5A__attr_release_table in H5Aint.c.

CVE-2024-29157 [CRITICAL] CWE-122 CVE-2024-29157: HDF5 through 1.14.3 contains a heap buffer overflow in H5HG_read, resulting in the corruption of the HDF5 through 1.14.3 contains a heap buffer overflow in H5HG_read, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.

CVE-2024-32615 [CRITICAL] CWE-787 CVE-2024-32615: HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5Z__nbit_decompress_one_byte i HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5Z__nbit_decompress_one_byte in H5Znbit.c, caused by the earlier use of an initialized pointer.

CVE-2024-29164 [CRITICAL] CWE-121 CVE-2024-29164: HDF5 through 1.14.3 contains a stack buffer overflow in H5R__decode_heap, resulting in the corruptio HDF5 through 1.14.3 contains a stack buffer overflow in H5R__decode_heap, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.

CVE-2024-32621 [CRITICAL] CWE-122 CVE-2024-32621: HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5HG_read in H5HG.c (called fro HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5HG_read in H5HG.c (called from H5VL__native_blob_get in H5VLnative_blob.c), resulting in the corruption of the instruction pointer.

CVE-2024-29159 [CRITICAL] CWE-120 CVE-2024-29159: HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_scaleoffset, resulting in the corrupti HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_scaleoffset, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.

CVE-2024-29161 [HIGH] CWE-122 CVE-2024-29161: HDF5 through 1.14.3 contains a heap buffer overflow in H5A__attr_release_table, resulting in the cor HDF5 through 1.14.3 contains a heap buffer overflow in H5A__attr_release_table, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.