CVE-2025-2310

CVSSv4: 4.8 | CVSSv3: 5.3 | CVSSv2: 4.3 | VMScore: 580 | EPSS: 0.00019 | KEV: Not Included
Published: 14/03/2025 Updated: 08/05/2025

Vulnerability Summary

Heap-Based Buffer Overflow in HDF5 1.14.6 Metadata Attribute Decoder

A critical vulnerability exists in HDF5 version 1.14.6, specifically in the H5MM_strndup function of the Metadata Attribute Decoder component. Manipulation by a local attacker can result in a heap-based buffer overflow. Although an exploit has been publicly disclosed, the actual existence of the vulnerability remains uncertain. The vendor was initially contacted about multiple vulnerabilities and responded with a blanket "reject" without providing additional context; despite polite requests for further explanation, no elaboration was received. At present, the vendor appears to dispute the findings, and the issue remains flagged pending more detailed information.

Vulnerable Product

* hdf5

Vendor Advisories

Debian Bug report logs - #1103540 hdf5: CVE-2025-2310
Package: src:hdf5; Maintainer for src:hdf5 is Gilles Filippini <pini@debian.org>
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 18 Apr 2025 19:45:02 UTC
Severity: important
Tags: security, upstream
Found in version hdf5/1.14.5+repack-3
Rep ...