cve 2025 2924

A heap‑buffer overflow in HDF5’s heap-list deserialization routine — H5HL__fl_deserialize in src/H5HLcache.c — was disclosed in March 2025 as CVE‑2025‑2924; the flaw can cause out‑of‑bounds reads and heap corruption when the library processes crafted .h5 files, a proof‑of‑concept was published...