cve 2025 2924

CVE-2025-2924 is a heap-buffer overflow vulnerability in the HDF5 library, specifically in the heap-list deserialization routine H5HL__fl_deserialize within src/H5HLcache.c. Disclosed in March 2025, the flaw can cause out-of-bounds reads and heap corruption when HDF5 processes crafted .h5 files. A proof-of-concept exploit has been published, and upstream fixes have been merged into the HDF5 source tree. Users of HDF5 should update to a patched version to mitigate the risk. This tag covers discussions about the vulnerability, its technical details, and available patches.