Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-2924

Опубликовано: 28 мар. 2025
Источник: redhat
CVSS3: 3.3
EPSS Низкий

Описание

A vulnerability, which was classified as problematic, was found in HDF5 up to 1.14.6. This affects the function H5HL__fl_deserialize of the file src/H5HLcache.c. The manipulation of the argument free_block leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

A flaw was found in HDF5. This vulnerability allows a heap-based buffer overflow via manipulation of the free_block argument in the function H5HL__fl_deserialize within src/H5HLcache.c.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux AI (RHEL AI)hdf5Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-119
Дефект:
CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=2355824hdf5: HDF5 H5HLcache.c H5HL__fl_deserialize heap-based overflow

EPSS

Процентиль: 25%
0.00086
Низкий

3.3 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-2924

CVSS3: 3.3
ubuntu
около 1 года назад

A vulnerability, which was classified as problematic, was found in HDF5 up to 1.14.6. This affects the function H5HL__fl_deserialize of the file src/H5HLcache.c. The manipulation of the argument free_block leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

nvd логотип

CVE-2025-2924

CVSS3: 3.3
nvd
около 1 года назад

A vulnerability, which was classified as problematic, was found in HDF5 up to 1.14.6. This affects the function H5HL__fl_deserialize of the file src/H5HLcache.c. The manipulation of the argument free_block leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

msrc логотип

CVE-2025-2924

CVSS3: 3.3
msrc
7 месяцев назад

HDF5 H5HLcache.c H5HL__fl_deserialize heap-based overflow

debian логотип

CVE-2025-2924

CVSS3: 3.3
debian
около 1 года назад

A vulnerability, which was classified as problematic, was found in HDF ...

github логотип

GHSA-fqw7-q4hr-f893

CVSS3: 3.3
github
около 1 года назад

A vulnerability, which was classified as problematic, was found in HDF5 up to 1.14.6. This affects the function H5HL__fl_deserialize of the file src/H5HLcache.c. The manipulation of the argument free_block leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

EPSS

Процентиль: 25%
0.00086
Низкий

3.3 Low

CVSS3