CVE-2025-2913
- Source
- https://cve.org/CVERecord?id=CVE-2025-2913
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-2913.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-2913
- Downstream
- Published
- 2025-03-28T16:31:04.298Z
- Modified
- 2026-05-01T04:27:20.456991Z
- Severity
-
- 1.9 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
- Summary
- HDF5 H5FL.c H5FL__blk_gc_list use after free
- Details
-
A vulnerability was found in HDF5 up to 1.14.6. It has been rated as critical. Affected by this issue is the function H5FL_blkgclist of the file src/H5FL.c. The manipulation of the argument H5FLblkheadt leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/2xxx/CVE-2025-2913.json", "cna_assigner": "VulDB", "cwe_ids": [ "CWE-119", "CWE-416" ] }- References
Affected packages
Git / github.com/hdfgroup/hdf5
Affected ranges
- Type
- GIT
- Repo
- https://github.com/hdfgroup/hdf5
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
before_removing_docs
before_removing_fphdf5
before_removing_mpiposix_vfd
before_removing_tbbt_code
before_signed_unsigned_changes
final_autotools_develop
hdf5-1_0_0
hdf5-1_0_0-alpha2
hdf5-1_0_1
hdf5-1_13_0-rc1
hdf5-1_13_0-rc2
hdf5-1_13_0-rc3
hdf5-1_13_0-rc4
hdf5-1_13_0-rc5
hdf5-1_13_0-rc6
hdf5-1_2_0
hdf5-1_2_0-beta1-update2
hdf5-1_2_0beta
hdf5-1_2_1
hdf5-1_3_0
hdf5-1_3_1
hdf5-1_4_0
hdf5-1_4_1
hdf5-1_6_0
hdf5-1_6_1
hdf5-1_6_2
hdf5-1_8_0-alpha2
hdf5-1_8_0-alpha3
hdf5-1_8_0-alpha4
hdf5-1_8_0-beta1
hdf5-1_8_0-beta2
hdf5-1_8_0-beta3
hdf5-1_8_0-beta4
hdf5-1_8_0-beta5
hdf5-1_9-start
proto1
r1_1beta1
snapshot
vms_last_support_trunk