CVE-2025-6857

EUVD-2025-19480
A vulnerability has been found in HDF5 1.14.6 and classified as problematic. Affected by this vulnerability is the function H5G__node_cmp3 of the file src/H5Gnode.c. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
Affected Products (NVD)
VendorProductVersion
hdfgrouphdf5
1.14.6
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
hdf5
bionic
needed
focal
needed
jammy
needed
noble
needed
oracular
ignored
plucky
ignored
questing
needed
resolute
needed
trusty
needed
xenial
ignored
Azure Linux logo
Azure Linux Releases
Azure Package
Release
hdf5
Azure Linux 3.0
0:1.14.6-1.azl3
fixed
CBL-Mariner 2.0
0:1.14.6-1.cm2
fixed