CVE-2025-2309

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-2309

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-2309.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-2309

Related

UBUNTU-CVE-2025-2309

Published

2025-03-14T21:15:37Z

Modified

2025-05-29T03:53:04.592871Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability has been found in HDF5 1.14.6 and classified as critical. This vulnerability affects the function H5T_bitcopy of the component Type Conversion Logic. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor plans to fix this issue in an upcoming release.

References

Affected packages

Debian:11 / hdf5

Package

Name: hdf5
Purl: pkg:deb/debian/hdf5?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.10.6+repack-4

1.10.6+repack-4+deb11u1

1.10.6+repack-5

1.10.7+repack-1

1.10.7+repack-2

1.10.7+repack-3

1.10.7+repack-4

1.10.8+repack-1

1.10.8+repack-2

1.10.8+repack-3

1.10.8+repack-4

1.10.8+repack1-1

1.10.10+repack-1

1.10.10+repack-2

1.10.10+repack-3

1.10.10+repack-3.1

1.10.10+repack-3.2

1.10.10+repack-3.2+ports

1.10.10+repack-3.3

1.10.10+repack-4

1.10.10+repack-5

1.12.0+repack-1~exp1

1.12.0+repack-1~exp2

1.12.2+repack-1~exp1

1.14.3+repack-1~exp1

1.14.3+repack1-1~exp2

1.14.3+repack1-1~exp3

1.14.4.3+repack-1~exp1

1.14.4.3+repack-1~exp2

1.14.4.3+repack-1~exp3

1.14.5+repack-1~exp1

1.14.5+repack-1~exp2

1.14.5+repack-1~exp3

1.14.5+repack-1~exp4

1.14.5+repack-1~exp5

1.14.5+repack-1~exp6

1.14.5+repack-1

1.14.5+repack-2

1.14.5+repack-3~exp1

1.14.5+repack-3~exp2

1.14.5+repack-3~exp3

1.14.5+repack-3~exp4

1.14.5+repack-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / hdf5

Package

Name: hdf5
Purl: pkg:deb/debian/hdf5?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.10.8+repack1-1

1.10.10+repack-1

1.10.10+repack-2

1.10.10+repack-3

1.10.10+repack-3.1

1.10.10+repack-3.2

1.10.10+repack-3.2+ports

1.10.10+repack-3.3

1.10.10+repack-4

1.10.10+repack-5

1.12.0+repack-1~exp1

1.12.0+repack-1~exp2

1.12.2+repack-1~exp1

1.14.3+repack-1~exp1

1.14.3+repack1-1~exp2

1.14.3+repack1-1~exp3

1.14.4.3+repack-1~exp1

1.14.4.3+repack-1~exp2

1.14.4.3+repack-1~exp3

1.14.5+repack-1~exp1

1.14.5+repack-1~exp2

1.14.5+repack-1~exp3

1.14.5+repack-1~exp4

1.14.5+repack-1~exp5

1.14.5+repack-1~exp6

1.14.5+repack-1

1.14.5+repack-2

1.14.5+repack-3~exp1

1.14.5+repack-3~exp2

1.14.5+repack-3~exp3

1.14.5+repack-3~exp4

1.14.5+repack-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / hdf5

Package

Name: hdf5
Purl: pkg:deb/debian/hdf5?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.10.8+repack1-1

1.10.10+repack-1

1.10.10+repack-2

1.10.10+repack-3

1.10.10+repack-3.1

1.10.10+repack-3.2

1.10.10+repack-3.2+ports

1.10.10+repack-3.3

1.10.10+repack-4

1.10.10+repack-5

1.12.0+repack-1~exp1

1.12.0+repack-1~exp2

1.12.2+repack-1~exp1

1.14.3+repack-1~exp1

1.14.3+repack1-1~exp2

1.14.3+repack1-1~exp3

1.14.4.3+repack-1~exp1

1.14.4.3+repack-1~exp2

1.14.4.3+repack-1~exp3

1.14.5+repack-1~exp1

1.14.5+repack-1~exp2

1.14.5+repack-1~exp3

1.14.5+repack-1~exp4

1.14.5+repack-1~exp5

1.14.5+repack-1~exp6

1.14.5+repack-1

1.14.5+repack-2

1.14.5+repack-3~exp1

1.14.5+repack-3~exp2

1.14.5+repack-3~exp3

1.14.5+repack-3~exp4

1.14.5+repack-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/hdfgroup/hdf5

Affected ranges

Type: GIT
Repo: https://github.com/hdfgroup/hdf5
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

7bf340440909d468dbb3cf41f0ea0d87f5050cea

Affected versions

Other

before_removing_docs

before_removing_fphdf5

before_removing_mpiposix_vfd

before_removing_tbbt_code

before_signed_unsigned_changes

hdf5-1_0_0

hdf5-1_0_0-alpha2

hdf5-1_0_1

hdf5-1_13_0-rc1

hdf5-1_13_0-rc2

hdf5-1_13_0-rc3

hdf5-1_13_0-rc4

hdf5-1_13_0-rc5

hdf5-1_13_0-rc6

hdf5-1_2_0

hdf5-1_2_0-beta1-update2

hdf5-1_2_0beta

hdf5-1_2_1

hdf5-1_3_0

hdf5-1_3_1

hdf5-1_4_0

hdf5-1_4_1

hdf5-1_6_0

hdf5-1_6_1

hdf5-1_6_2

hdf5-1_8_0-alpha2

hdf5-1_8_0-alpha3

hdf5-1_8_0-alpha4

hdf5-1_8_0-beta1

hdf5-1_8_0-beta2

hdf5-1_8_0-beta3

hdf5-1_8_0-beta4

hdf5-1_8_0-beta5

hdf5-1_9-start

proto1

r1_1beta1

vms_last_support_trunk

hdf5-1.*

hdf5-1.14.5

hdf5-1.14.6

hdf5_1.*

hdf5_1.14.5

hdf5_1.14.6

snapshot-1.*

snapshot-1.14