JLSEC-2026-326

See a problem?
Please try reporting it to the source first.

Source

https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-326.md

Import Source

https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-326.json

JSON Data

https://api.test.osv.dev/v1/vulns/JLSEC-2026-326

Upstream

CVE-2025-2308

Published

2026-04-29T13:21:01.555Z

Modified

2026-04-29T13:31:42.804768Z

Summary

[none]

Details

A vulnerability, which was classified as critical, was found in HDF5 1.14.6. This affects the function H5Z_scaleoffsetdecompressonebyte of the component Scale-Offset Filter. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor plans to fix this issue in an upcoming release.

Database specific

{
    "license": "CC-BY-4.0",
    "sources": [
        {
            "imported": "2026-04-29T08:59:43.367Z",
            "id": "CVE-2025-2308",
            "database_specific": {
                "status": "Analyzed"
            },
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2308",
            "modified": "2025-05-28T18:14:17.420Z",
            "published": "2025-03-14T21:15:37.043Z",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-2308"
        }
    ]
}

References

Affected packages

Julia / HDF5_jll

Package

Name: HDF5_jll
Purl: pkg:julia/HDF5_jll?uuid=0234f1f7-429e-5d53-9886-15a909be8d59

Affected ranges

Type: SEMVER
Events: Introduced

1.14.5+0

Fixed

2.0.0+0

Database specific

source

"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-326.json"