Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-6516

Опубликовано: 23 июн. 2025
Источник: redhat
CVSS3: 5.3
EPSS Низкий

Описание

A vulnerability has been found in HDF5 up to 1.14.6 and classified as critical. This vulnerability affects the function H5F_addr_decode_len of the file /hdf5/src/H5Fint.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

A heap-based buffer overflow was found in HDF5. This flaw exists in the H5F_addr_decode_len function of the /hdf5/src/H5Fint.c file and may be triggered by input manipulation to the function. Local access is required to exploit this flaw.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux AI (RHEL AI)hdf5Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-119
Дефект:
CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=2374364hdf5: HDF5 heap-based overflow

EPSS

Процентиль: 6%
0.00029
Низкий

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-6516

CVSS3: 5.3
ubuntu
около 1 месяца назад

A vulnerability has been found in HDF5 up to 1.14.6 and classified as critical. This vulnerability affects the function H5F_addr_decode_len of the file /hdf5/src/H5Fint.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

nvd логотип

CVE-2025-6516

CVSS3: 5.3
nvd
около 1 месяца назад

A vulnerability has been found in HDF5 up to 1.14.6 and classified as critical. This vulnerability affects the function H5F_addr_decode_len of the file /hdf5/src/H5Fint.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

debian логотип

CVE-2025-6516

CVSS3: 5.3
debian
около 1 месяца назад

A vulnerability has been found in HDF5 up to 1.14.6 and classified as ...

github логотип

GHSA-r9x6-p32f-jfm3

CVSS3: 5.3
github
около 1 месяца назад

A vulnerability has been found in HDF5 up to 1.14.6 and classified as critical. This vulnerability affects the function H5F_addr_decode_len of the file /hdf5/src/H5Fint.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

EPSS

Процентиль: 6%
0.00029
Низкий

5.3 Medium

CVSS3