cve 2025 7067
About this tag
CVE-2025-7067 is a publicly disclosed heap-based buffer overflow vulnerability in HDF5 version 1.14.6. The flaw exists in the free-space serialization callback H5FS__sinfo_serialize_node_cb within src/H5FScache.c. It can be triggered when an application processes crafted or corrupted .h5 files, resulting in a one-byte out-of-bounds write that causes heap corruption and reliable crashes under sanitizer builds. HDF5 is a widely used binary container and C library for storing large numerical arrays and chunked data. This vulnerability affects applications that rely on HDF5 for data processing, potentially leading to denial of service. Users are advised to update to a patched version or apply mitigations as recommended by the HDF Group.
A heap‑based buffer overflow has been publicly disclosed in HDF5 1.14.6: the flaw resides in the free‑space serialization callback H5FS__sinfo_serialize_node_cb within src/H5FScache.c and can be triggered when an application processes crafted or corrupted .h5 files, producing a one‑byte...