A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5FS__sinfo_serialize_node_cb of the file src/H5FScache.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
References
Link | Resource |
---|---|
https://github.com/HDFGroup/hdf5/issues/5577 | Exploit Issue Tracking Third Party Advisory |
https://github.com/user-attachments/files/20623499/hdf5_crash_9.txt | Exploit |
https://vuldb.com/?ctiid.314902 | Permissions Required |
https://vuldb.com/?id.314902 | Third Party Advisory VDB Entry |
https://vuldb.com/?submit.602536 | Third Party Advisory VDB Entry |
https://github.com/HDFGroup/hdf5/issues/5577 | Exploit Issue Tracking Third Party Advisory |
Configurations
History
09 Jul 2025, 17:36
Type | Values Removed | Values Added |
---|---|---|
First Time |
Hdfgroup hdf5
Hdfgroup |
|
CPE | cpe:2.3:a:hdfgroup:hdf5:1.14.6:*:*:*:*:*:*:* | |
References | () https://github.com/HDFGroup/hdf5/issues/5577 - Exploit, Issue Tracking, Third Party Advisory | |
References | () https://github.com/user-attachments/files/20623499/hdf5_crash_9.txt - Exploit | |
References | () https://vuldb.com/?ctiid.314902 - Permissions Required | |
References | () https://vuldb.com/?id.314902 - Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?submit.602536 - Third Party Advisory, VDB Entry |
08 Jul 2025, 14:15
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/HDFGroup/hdf5/issues/5577 - | |
Summary |
|
04 Jul 2025, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-07-04 18:15
Updated : 2025-07-09 17:36
NVD link : CVE-2025-7067
Mitre link : CVE-2025-7067
CVE.ORG link : CVE-2025-7067
JSON object : View
Products Affected
hdfgroup
- hdf5