A heap-based buffer overflow has been disclosed in the HDF5 library that can be triggered while flushing object messages: the flaw exists in the function H5O_msg_flush in src/H5Omessage.c (tracked as CVE‑2025‑2912) and affects HDF5 releases up to and including 1.14.6. The issue can be provoked...
