hdf5

A heap‑based buffer overflow has been reported in the HDF5 library’s Scale‑Offset filter (function H5Z__scaleoffset_decompress_one_byte) and cataloged as CVE‑2025‑2308 — a defect that affects HDF5 1.14.6 and can produce a one‑byte out‑of‑bounds write during decompression of Scale‑Offset encoded...

HDF5 users and maintainers should treat a newly disclosed flaw — CVE-2025-7068 — as a real but limited operational risk: a memory‑leak in the HDF5 metadata/cache code that affects HDF5 1.14.6 and can be triggered by local operations that exercise the library’s metadata discard paths. Background...

A heap-based buffer overflow has been publicly disclosed in HDF5 1.14.6 — tracked as CVE-2025-6818 — rooted in the H5O__chunk_protect routine inside src/H5Ochunk.c, creating a locally exploitable crash and potential memory‑corruption vector that defenders must treat seriously in any environment...

A heap‑overflow in the HDF5 library (H5MM_strndup / metadata attribute decoder), tracked as CVE‑2025‑2310 and tied to HDF5 v1.14.6, has been publicly disclosed and is known to produce reproducible crashes — and Microsoft’s initial public mapping names Azure Linux as a Microsoft product that...

A heap-based buffer overflow in the HDF5 library’s free-space serialization code (tracked as CVE‑2025‑2914) has been publicly disclosed and reproducible proof‑of‑concept material is available: the bug can be triggered when HDF5 v1.14.6 (and earlier, where present) processes crafted free‑space...

A critical heap‑based buffer overflow in the HDF5 library — tracked as CVE‑2025‑2153 and rooted in the H5SM_delete function in H5SM.c — has resurrected a familiar supply‑chain question: Microsoft’s advisory names Azure Linux as a carrier of the vulnerable open‑source code, but does that mean...

A heap‑based buffer overflow has been disclosed in the HDF5 library: CVE‑2025‑2923 documents a flaw in the function H5F_addr_encode_len (file src/H5Fint.c) that can write past an allocated buffer when processing crafted data, producing a reliable crash and a low‑to‑medium severity local attack...

A heap‑buffer overflow in HDF5’s heap-list deserialization routine — H5HL__fl_deserialize in src/H5HLcache.c — was disclosed in March 2025 as CVE‑2025‑2924; the flaw can cause out‑of‑bounds reads and heap corruption when the library processes crafted .h5 files, a proof‑of‑concept was published...

A critical use‑after‑free defect has been publicly disclosed in the HDF5 library: CVE‑2025‑2913 identifies a flaw in src/H5FL.c (function H5FL__blk_gc_list) that can dereference freed metadata under specific local conditions, creating a realistic denial‑of‑service and memory‑corruption risk for...

HDF5 1.14.6 contains a heap buffer overflow in the Scale‑Offset filter (H5Z__filter_scaleoffset) that can be triggered by malformed HDF5 files and has been assigned CVE‑2025‑44905, creating a realistic denial‑of‑service and memory‑corruption risk for any software or service that reads untrusted...