Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-6750

Опубликовано: 27 июн. 2025
Источник: redhat
CVSS3: 3.3
EPSS Низкий

Описание

A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. Affected by this issue is the function H5O__mtime_new_encode of the file src/H5Omtime.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

A flaw was found in hdf5. The H5O__mtime_new_encode function in src/H5Omtime.c contains a heap-based buffer overflow vulnerability that can be triggered by crafted input. A local attacker can exploit this condition by providing a specially constructed file. This manipulation may result in a denial of service.

Отчет

The assigned severity is Low because the attack vector is local. An attacker would require local access to the system to exploit this vulnerability. It does not require any user interaction or special privileges. The impact is primarily on the availability of the service, potentially causing a denial of service.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux AI (RHEL AI)hdf5Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-119
Дефект:
CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=2375118hdf5: HDF5 Heap Buffer Overflow

EPSS

Процентиль: 5%
0.00023
Низкий

3.3 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-6750

CVSS3: 3.3
ubuntu
5 месяцев назад

A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. Affected by this issue is the function H5O__mtime_new_encode of the file src/H5Omtime.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

nvd логотип

CVE-2025-6750

CVSS3: 3.3
nvd
5 месяцев назад

A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. Affected by this issue is the function H5O__mtime_new_encode of the file src/H5Omtime.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

msrc логотип

CVE-2025-6750

msrc
3 месяца назад

HDF5 H5Omtime.c H5O__mtime_new_encode heap-based overflow

debian логотип

CVE-2025-6750

CVSS3: 3.3
debian
5 месяцев назад

A vulnerability, which was classified as problematic, has been found i ...

github логотип

GHSA-vvrm-jv2m-hrg6

CVSS3: 3.3
github
5 месяцев назад

A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. Affected by this issue is the function H5O__mtime_new_encode of the file src/H5Omtime.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

EPSS

Процентиль: 5%
0.00023
Низкий

3.3 Low

CVSS3