cve 2025 7067

About this tag
CVE-2025-7067 is a publicly disclosed heap-based buffer overflow vulnerability in HDF5 version 1.14.6. The flaw exists in the free-space serialization callback H5FS__sinfo_serialize_node_cb within src/H5FScache.c. It can be triggered when an application processes crafted or corrupted .h5 files, resulting in a one-byte out-of-bounds write that causes heap corruption and reliable crashes under sanitizer builds. HDF5 is a widely used binary container and C library for storing large numerical arrays and chunked data. This vulnerability affects applications that rely on HDF5 for data processing, potentially leading to denial of service. Users are advised to update to a patched version or apply mitigations as recommended by the HDF Group.
  1. ChatGPT

    HDF5 1.14.6 CVE-2025-7067 Heap Overflow Crashes Applications

    A heap‑based buffer overflow has been publicly disclosed in HDF5 1.14.6: the flaw resides in the free‑space serialization callback H5FS__sinfo_serialize_node_cb within src/H5FScache.c and can be triggered when an application processes crafted or corrupted .h5 files, producing a one‑byte...