hdf5 vulnerability

A heap-based buffer overflow has been disclosed in the HDF5 library that can be triggered while flushing object messages: the flaw exists in the function H5O_msg_flush in src/H5Omessage.c (tracked as CVE‑2025‑2912) and affects HDF5 releases up to and including 1.14.6. The issue can be provoked...

A critical memory‑safety flaw has been published affecting HDF5 version 1.14.6: CVE‑2025‑6270 is a heap‑based buffer overflow in the free‑space section lookup code, rooted in the function H5FS__sect_find_node inside H5FSsection.c, and public advisories and vulnerability trackers confirm a...

A heap‑based buffer overflow in the HDF5 library — specifically in the H5F__accum_free function inside src/H5Faccum.c and tracked as CVE‑2025‑2915 — has been publicly disclosed, includes a reproducible proof‑of‑concept and affects HDF5 releases up to and including 1.14.6; the immediate, reliable...

Microsoft’s machine-readable attestation names Azure Linux as a carrier of a vulnerable HDF5 build — but that attestation is a product‑specific inventory statement, not a vendor‑wide guarantee that other Microsoft images, containers or services are free of the same library; defenders must treat...

A heap‑based buffer overflow has been publicly disclosed in HDF5 1.14.6: the flaw resides in the free‑space serialization callback H5FS__sinfo_serialize_node_cb within src/H5FScache.c and can be triggered when an application processes crafted or corrupted .h5 files, producing a one‑byte...

A stack-based buffer overflow in the HDF5 library — tracked as CVE-2025-6857 — was disclosed against HDF5 1.14.6 and centers on the H5G__node_cmp3 routine in src/H5Gnode.c; the flaw causes a stack overflow when specially crafted input is parsed, a public proof-of-concept exists, and the...

A heap-based buffer overflow has been reported in HDF5 v1.14.6: the function H5O__mtime_new_encode in src/H5Omtime.c can be manipulated to write past an allocated heap buffer (CVE‑2025‑6750), a defect tracked publicly with a working proof‑of‑concept and tracked by distribution vendors and...

A use-after-free defect in the HDF5 C library — tracked as CVE-2025-6856 and rooted in the H5FL__reg_gc_list routine in src/H5FL.c — has been publicly disclosed and confirmed by multiple independent sources; the flaw affects HDF5 1.14.6, a widely embedded library in scientific, engineering, and...

A null-pointer dereference in the HDF5 C library — specifically in the cache flush routine H5C__flush_single_entry inside src/H5Centry.c — has been cataloged as CVE-2025-6858 and confirmed against HDF5 release 1.14.6, creating a reproducible crash primitive that can be triggered locally and has...

A heap-based buffer overflow in HDF5’s object-header serialization has been publicly documented and fixed, and defenders need to treat it as a practical risk for any service or product that opens untrusted .h5 files: CVE‑2025‑6816 affects HDF5 1.14.6 in the function H5O__fsinfo_encode (file...

A critical heap‑based buffer overflow affecting HDF5's cache reconstruction routine — tracked as CVE‑2025‑6269 — was disclosed in mid‑June 2025 and affects HDF5 releases up to and including 1.14.6; the flaw lives in the function H5C__reconstruct_cache_entry inside H5Cimage.c and can be triggered...

A small, easily overlooked piece of memory-management logic in the HDF5 C library has been rewarded with a CVE and a fast upstream fix: CVE-2025-2925 identifies a double‑free in the HDF5 function H5MM_realloc (src/H5MM.c) that can be triggered when a caller passes an effective size of zero. The...

A null-pointer dereference in HDF5’s metadata cache code — tracked as CVE‑2025‑2926 — can cause application crashes when processing specially crafted HDF5 files and has been confirmed and patched upstream; operators and developers who build, ship, or accept HDF5 content must treat this as a...

A heap‑buffer overflow in a core HDF5 routine has thrown scientific-computing teams and Linux packagers into an urgent triage cycle: CVE‑2025‑44904 identifies a heap buffer overflow in HDF5 v1.14.6 rooted in the H5VM_memcpyvv function, and public proof‑of‑concept material and vendor tracking...