The tag cve 2025 2308 covers discussions about CVE-2025-2308, a heap-based buffer overflow vulnerability in the HDF5 library's Scale-Offset filter, specifically in function H5Z__scaleoffset_decompress_one_byte. This defect affects HDF5 1.14.6 and can lead to a one-byte out-of-bounds write during decompression of Scale-Offset encoded data. The vulnerability has a public proof-of-concept and is tracked by multiple advisories. Microsoft's Security Response Center has confirmed that Azure Linux includes the affected library, making it potentially vulnerable. The tag content focuses on the technical details of the CVE, its impact on HDF5, and the scope of affected Microsoft products, without extending to other unrelated vulnerabilities or systems.
-
A heap‑based buffer overflow has been reported in the HDF5 library’s Scale‑Offset filter (function H5Z__scaleoffset_decompress_one_byte) and cataloged as CVE‑2025‑2308 — a defect that affects HDF5 1.14.6 and can produce a one‑byte out‑of‑bounds write during decompression of Scale‑Offset encoded...