CVE-2025-44904

Опубликовано: 30 мая 2025

Источник: redhat

CVSS3: 5.9

EPSS Низкий

Описание

hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5VM_memcpyvv function.

A flaw was found in the H5VM_memcpyvv function in the HDF5 library. This vulnerability can allow memory corruption and application crashes via reading from a specially crafted compact dataset, leading to a heap-based buffer overflow.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux AI (RHEL AI)	hdf5	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-122

https://bugzilla.redhat.com/show_bug.cgi?id=2369316hdf5: Heap Buffer Overflow in HDF5 H5VM_memcpyvv Function

EPSS

Процентиль: 19%

0.00059

Низкий

5.9 Medium

CVSS3

Связанные уязвимости

CVE-2025-44904

CVSS3: 8.8

ubuntu

3 месяца назад

hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5VM_memcpyvv function.

CVE-2025-44904

CVSS3: 8.8

nvd

3 месяца назад

hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5VM_memcpyvv function.

CVE-2025-44904

CVSS3: 8.8

debian

3 месяца назад

hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the ...

GHSA-77wp-p4v3-xgj7

CVSS3: 8.8

github

3 месяца назад

hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5VM_memcpyvv function.

EPSS

Процентиль: 19%

0.00059

Низкий

5.9 Medium

CVSS3