Heap-based Buffer Overflow in HDF5 Affected Product by HDFGroup
CVE-2025-7067
Key Information:
Badges
What is CVE-2025-7067?
A problematic vulnerability has been identified in HDF5 version 1.14.6, specifically within the H5FS__sinfo_serialize_node_cb function found in src/H5FScache.c. This vulnerability is characterized by a heap-based buffer overflow, which requires local access for exploitation. The details have been publicly disclosed, raising potential security concerns for users of this version. Organizations utilizing HDF5 1.14.6 should consider implementing mitigations as they may be susceptible to attack.
Affected Version(s)
HDF5 1.14.6
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved