CVE-2025-2153

EUVD-2025-7293
A vulnerability classified as critical was found in HDF5 1.14.6. It affects the function H5SM_delete in the file H5SM.c of the component h5 File Handler. The manipulation leads to a heap-based buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high, and exploitation is reported to be difficult. The exploit has been disclosed to the public and may be used.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 5 MEDIUM | NETWORK | HIGH | NONE | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L |
| VulDB | CNA | 5 MEDIUM | | | | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L |
EPSS Score percentile: 45%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| hdfgroup | hdf5 | 1.14.6 |

𝑥 = Vulnerable software versions
Debian Releases

| Debian Product | Codename | Status |
|---|---|---|
| hdf5 | bookworm | unimportant |
| hdf5 | bullseye | unimportant |
| hdf5 | forky | unimportant |
| hdf5 | sid | unimportant |
| hdf5 | trixie | unimportant |
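Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| insighttoolkit | focal | dne |
| insighttoolkit | jammy | dne |
| insighttoolkit | noble | dne |
| insighttoolkit | oracular | dne |
| insighttoolkit | plucky | dne |
| insighttoolkit | questing | dne |
| insighttoolkit | xenial | needs-triage |
| insighttoolkit4 | bionic | needs-triage |
| insighttoolkit4 | focal | ignored |
| insighttoolkit4 | jammy | needs-triage |
| insighttoolkit4 | noble | dne |
| insighttoolkit4 | oracular | dne |
| insighttoolkit4 | plucky | dne |
| insighttoolkit4 | questing | dne |
| insighttoolkit4 | xenial | needs-triage |
| hdf5 | bionic | needed |
| hdf5 | focal | needed |
| hdf5 | jammy | needed |
| hdf5 | noble | needed |
| hdf5 | oracular | ignored |
| hdf5 | plucky | ignored |
| hdf5 | questing | needed |
| hdf5 | trusty | needed |
| hdf5 | xenial | needed |
| insighttoolkit5 | focal | dne |
| insighttoolkit5 | jammy | needs-triage |
| insighttoolkit5 | noble | needs-triage |
| insighttoolkit5 | oracular | ignored |
| insighttoolkit5 | plucky | ignored |
| insighttoolkit5 | questing | needs-triage |
| paraview | bionic | needs-triage |
| paraview | focal | ignored |
| paraview | jammy | needs-triage |
| paraview | noble | needs-triage |
| paraview | oracular | ignored |
| paraview | plucky | ignored |
| paraview | questing | needs-triage |
| paraview | xenial | needs-triage |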