CVE-2025-2924

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-2924
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-2924.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-2924
Downstream
Published
2025-03-28T19:31:04.699Z
Modified
2026-05-01T04:28:05.831135Z
Severity
  • 1.9 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
HDF5 H5HLcache.c H5HL__fl_deserialize heap-based overflow
Details

A vulnerability, which was classified as problematic, was found in HDF5 up to 1.14.6. This affects the function H5HL__fldeserialize of the file src/H5HLcache.c. The manipulation of the argument freeblock leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

Database specific 
{
    "cna_assigner": "VulDB",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/2xxx/CVE-2025-2924.json",
    "cwe_ids": [
        "CWE-119",
        "CWE-122"
    ]
}
References

Affected packages

Git / github.com/hdfgroup/hdf5

Affected ranges

Type
GIT
Repo
https://github.com/hdfgroup/hdf5
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0553fb7ac7f03a919c91cdbbd5648b8aadbe05af
Last affected
577c192518598c7e2945683655feffcdbdf5a91b
Last affected
2d926cf0426d2ed9403946071d9b05ac8b4dd778
Last affected
8b5cac6bc498546efa5639f99bb7dbbc1a2d5d90
Last affected
88429b015e29c59de604b0f552001fb7cb7ed5d0
Last affected
0fe0459fc24d71be13d5f266513c2832b525671b
Last affected
7bf340440909d468dbb3cf41f0ea0d87f5050cea
Database specific 
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.14.0"
        },
        {
            "last_affected": "1.14.1"
        },
        {
            "last_affected": "1.14.2"
        },
        {
            "last_affected": "1.14.3"
        },
        {
            "last_affected": "1.14.4"
        },
        {
            "last_affected": "1.14.5"
        },
        {
            "last_affected": "1.14.6"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

1.*
1.14.1
Other
before_removing_docs
before_removing_fphdf5
before_removing_mpiposix_vfd
before_removing_tbbt_code
before_signed_unsigned_changes
hdf5-1_0_0
hdf5-1_0_0-alpha2
hdf5-1_0_1
hdf5-1_13_0-rc1
hdf5-1_13_0-rc2
hdf5-1_13_0-rc3
hdf5-1_13_0-rc4
hdf5-1_13_0-rc5
hdf5-1_13_0-rc6
hdf5-1_14_0
hdf5-1_14_1
hdf5-1_14_2
hdf5-1_14_3
hdf5-1_14_3-rc1
hdf5-1_2_0
hdf5-1_2_0-beta1-update2
hdf5-1_2_0beta
hdf5-1_2_1
hdf5-1_3_0
hdf5-1_3_1
hdf5-1_4_0
hdf5-1_4_1
hdf5-1_6_0
hdf5-1_6_1
hdf5-1_6_2
hdf5-1_8_0-alpha2
hdf5-1_8_0-alpha3
hdf5-1_8_0-alpha4
hdf5-1_8_0-beta1
hdf5-1_8_0-beta2
hdf5-1_8_0-beta3
hdf5-1_8_0-beta4
hdf5-1_8_0-beta5
hdf5-1_9-start
hdff5-1_14-_0
hdff5-1_14_0
proto1
r1_1beta1
vms_last_support_trunk
hdf5-1.*
hdf5-1.14.5
hdf5-1.14.6
hdf5_1.*
hdf5_1.14.4
hdf5_1.14.5
hdf5_1.14.6
snapshot-1.*
snapshot-1.14

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-2924.json"