CVE-2025-2309

Sažetak

A vulnerability has been found in HDF5 1.14.6 and classified as critical. This vulnerability affects the function H5T__bit_copy of the component Type Conversion Logic. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor plans to fix this issue in an upcoming release.

Reference

https://github.com/madao123123/crash_report/blob/main/hdf5_poc/hdf5_poc3.md
https://vuldb.com/?ctiid.299722
https://vuldb.com/?id.299722
https://vuldb.com/?submit.514532

CVSS

Base:	4.3
Impact:	6.4
Exploitability:	3.1

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

28-05-2025 - 18:13

Objavljeno

14-03-2025 - 21:15