JLSEC-2026-325

Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-325.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-325.json
JSON Data
https://api.test.osv.dev/v1/vulns/JLSEC-2026-325
Upstream
Published
2026-04-29T13:21:01.555Z
Modified
2026-04-29T13:31:40.487549Z
Summary
[none]
Details

A vulnerability classified as critical was found in HDF5 1.14.6. It affects the function H5SM_delete in the file H5SM.c of the component h5 File Handler. The manipulation leads to a heap-based buffer overflow. The attack can be launched remotely. The attack complexity is rather high, and exploitation is reported to be difficult. The exploit has been disclosed to the public and may be used.

Database specific
{
    "license": "CC-BY-4.0",
    "sources": [
        {
            "database_specific": {
                "status": "Analyzed"
            },
            "imported": "2026-04-29T08:59:43.276Z",
            "id": "CVE-2025-2153",
            "published": "2025-03-10T14:15:26.737Z",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-2153",
            "modified": "2025-03-13T18:17:10.693Z",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2153"
        }
    ]
}
References

Affected packages

Julia / HDF5_jll

Package

Name
HDF5_jll
Purl
pkg:julia/HDF5_jll?uuid=0234f1f7-429e-5d53-9886-15a909be8d59

Affected ranges

Type
SEMVER
Events
Introduced
1.14.5+0
Fixed
2.0.0+0

Database specific

source
"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-325.json"