CVE-2025-2914

Опубликовано: 28 мар. 2025

Источник: redhat

CVSS3: 3.3

EPSS Низкий

Описание

A vulnerability classified as problematic has been found in HDF5 up to 1.14.6. This affects the function H5FS__sinfo_Srialize_Sct_cb of the file src/H5FScache.c. The manipulation of the argument sect leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

A flaw was found in HDF5. This vulnerability allows a heap-based buffer overflow via manipulating the sect argument in the H5FS__sinfo_Srialize_Sct_cb function of src/H5FScache.c.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux AI (RHEL AI)	hdf5	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-119

Дефект:

CWE-122

https://bugzilla.redhat.com/show_bug.cgi?id=2355804hdf5: HDF5 H5FScache.c H5FS__sinfo_Srialize_Sct_cb heap-based overflow

EPSS

Процентиль: 25%

0.00087

Низкий

3.3 Low

CVSS3

Связанные уязвимости

CVE-2025-2914

CVSS3: 3.3

ubuntu

около 1 года назад

CVE-2025-2914

CVSS3: 3.3

nvd

около 1 года назад

CVE-2025-2914

CVSS3: 3.3

msrc

7 месяцев назад

HDF5 H5FScache.c H5FS__sinfo_Srialize_Sct_cb heap-based overflow

CVE-2025-2914

CVSS3: 3.3

debian

около 1 года назад

A vulnerability classified as problematic has been found in HDF5 up to ...

GHSA-mpcj-9v9v-j2hw

CVSS3: 3.3

github

около 1 года назад

EPSS

Процентиль: 25%

0.00087

Низкий

3.3 Low

CVSS3