JLSEC-2026-330

See a problem?
Please try reporting it to the source first.
Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-330.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-330.json
JSON Data
https://api.test.osv.dev/v1/vulns/JLSEC-2026-330
Upstream
Published
2026-04-29T13:21:01.555Z
Modified
2026-04-29T13:31:53.095048Z
Summary
[none]
Details

A vulnerability was found in HDF5 up to 1.14.6. It has been rated as critical. Affected by this issue is the function H5FL_blkgclist of the file src/H5FL.c. The manipulation of the argument H5FLblkheadt leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

Database specific 
{
    "license": "CC-BY-4.0",
    "sources": [
        {
            "database_specific": {
                "status": "Analyzed"
            },
            "imported": "2026-04-29T08:59:43.788Z",
            "id": "CVE-2025-2913",
            "published": "2025-03-28T17:15:30.260Z",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-2913",
            "modified": "2026-04-29T01:00:01.613Z",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2913"
        }
    ]
}
References

Affected packages

Julia / HDF5_jll

Package

Name
HDF5_jll
Purl
pkg:julia/HDF5_jll?uuid=0234f1f7-429e-5d53-9886-15a909be8d59

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.0+0

Database specific

source 
"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-330.json"