AZL-58368

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-58368.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-58368

Upstream

CVE-2025-2153

Published

2025-03-10T14:15:26Z

Modified

2026-04-01T05:19:48.940919Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

CVE-2025-2153 affecting package hdf5 for versions less than 1.14.6-1

Details

A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SM_delete of the file H5SM.c of the component h5 File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-2153

Affected packages

Azure Linux:3 / hdf5

Package

Name: hdf5
Purl: pkg:rpm/azure-linux/hdf5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.14.6-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-58368.json"