Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-2153

Опубликовано: 10 мар. 2025
Источник: debian
EPSS Низкий

Описание

A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SM_delete of the file H5SM.c of the component h5 File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
hdf5unfixedpackage

Примечания

  • https://github.com/HDFGroup/hdf5/issues/5329

  • https://github.com/HDFGroup/hdf5/pull/5795

  • https://github.com/HDFGroup/hdf5/commit/38954615fc079538aa45d48097625a6d76aceef0

  • HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722

EPSS

Процентиль: 46%
0.00234
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-2153

CVSS3: 5
ubuntu
11 месяцев назад

A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SM_delete of the file H5SM.c of the component h5 File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.

nvd логотип

CVE-2025-2153

CVSS3: 5
nvd
11 месяцев назад

A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SM_delete of the file H5SM.c of the component h5 File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.

msrc логотип

CVE-2025-2153

CVSS3: 6.8
msrc
5 месяцев назад

HDF5 h5 File H5SM.c H5SM_delete heap-based overflow

github логотип

GHSA-q2jx-5x2v-8hrm

CVSS3: 5
github
11 месяцев назад

A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SM_delete of the file H5SM.c of the component h5 File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.

EPSS

Процентиль: 46%
0.00234
Низкий