CVE-2025-2913

A vulnerability was found in HDF5 up to 1.14.6. It has been rated as problematic. Affected by this issue is the function H5FL__blk_gc_list of the file src/H5FL.c. The manipulation of the argument H5FL_blk_head_t leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
VulDBCNA
3.3 LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
VendorProductVersion
hdfgrouphdf5
𝑥
< 1.14.6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
hdf5
bullseye
vulnerable
trixie
postponed
bookworm
postponed
sid
vulnerable
Common Weakness Enumeration
References
https://github.com/HDFGroup/hdf5/issues/5376
https://vuldb.com/?ctiid.301886
https://vuldb.com/?id.301886
https://vuldb.com/?submit.520404