CVE-2025-2153

A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SM_delete of the file H5SM.c of the component h5 File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 5 MEDIUM | NETWORK | HIGH | NONE | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L |
| VulDB | CNA | 5 MEDIUM | | | | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L |
| CISA-ADP | ADP | --- | | | | --- |

EPSS Score percentile: 15%

| Vendor | Product | Version |
|---|---|---|
| hdfgroup | hdf5 | 1.14.6 𝑥 |

𝑥 = Vulnerable software versions

Debian Releases

| Debian Product | Codename | Status |
|---|---|---|
| hdf5 | bullseye | vulnerable |
| hdf5 | trixie | postponed |
| hdf5 | bookworm | postponed |
| hdf5 | sid | vulnerable |

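Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| hdf5 | plucky | needs-triage |
| hdf5 | oracular | needs-triage |
| hdf5 | noble | needs-triage |
| hdf5 | jammy | needs-triage |
| hdf5 | focal | needs-triage |
| hdf5 | bionic | needs-triage |
| hdf5 | xenial | needs-triage |
| hdf5 | trusty | needs-triage |
| insighttoolkit | plucky | dne |
| insighttoolkit | oracular | dne |
| insighttoolkit | noble | dne |
| insighttoolkit | jammy | dne |
| insighttoolkit | focal | dne |
| insighttoolkit | xenial | needs-triage |
| insighttoolkit4 | plucky | dne |
| insighttoolkit4 | oracular | dne |
| insighttoolkit4 | noble | dne |
| insighttoolkit4 | jammy | needs-triage |
| insighttoolkit4 | focal | needs-triage |
| insighttoolkit4 | bionic | needs-triage |
| insighttoolkit4 | xenial | needs-triage |
| insighttoolkit5 | plucky | needs-triage |
| insighttoolkit5 | oracular | needs-triage |
| insighttoolkit5 | noble | needs-triage |
| insighttoolkit5 | jammy | needs-triage |
| insighttoolkit5 | focal | dne |
| paraview | plucky | needs-triage |
| paraview | oracular | needs-triage |
| paraview | noble | needs-triage |
| paraview | jammy | needs-triage |
| paraview | focal | needs-triage |
| paraview | bionic | needs-triage |
| paraview | xenial | needs-triage |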