CVE-2025-6516
HDF5 H5Fint.c H5F_addr_decode_len heap-based overflow
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
HDF5 H5Fint.c H5F_addr_decode_len heap-based overflow
A vulnerability has been found in HDF5 up to 1.14.6 and classified as critical. This vulnerability affects the function H5F_addr_decode_len of the file /hdf5/src/H5Fint.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
In HDF5 bis 1.14.6 wurde eine kritische Schwachstelle gefunden. Das betrifft die Funktion H5F_addr_decode_len der Datei /hdf5/src/H5Fint.c. Durch Manipulation mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Der Exploit steht zur öffentlichen Verfügung.
| 2025-06-23: | Advisory disclosed |
| 2025-06-23: | VulDB entry created |
| 2025-06-23: | VulDB entry last update |
Rulkallos (VulDB User)
vuldb.com/?id.313636 (VDB-313636 | HDF5 H5Fint.c H5F_addr_decode_len heap-based overflow)
vuldb.com/?ctiid.313636 (VDB-313636 | CTI Indicators (IOB, IOC, IOA))
vuldb.com/?submit.592589 (Submit #592589 | HDF5 1.14.6 Heap-based Buffer Overflow)
github.com/HDFGroup/hdf5/issues/5581
github.com/user-attachments/files/20626851/reproduce.tar.gz
Support options
