CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-6817 – HDF5 H5Centry.c H5C__load_entry resource consumption
https://notcve.org/view.php?id=CVE-2025-6817
28 Jun 2025 — A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5C__load_entry of the file /src/H5Centry.c. The manipulation leads to resource consumption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. • https://github.com/HDFGroup/hdf5/issues/5572 • CWE-400: Uncontrolled Resource Consumption CWE-404: Improper Resource Shutdown or Release •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-6816 – HDF5 H5Ofsinfo.c H5O__fsinfo_encode heap-based overflow
https://notcve.org/view.php?id=CVE-2025-6816
28 Jun 2025 — A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5O__fsinfo_encode of the file /src/H5Ofsinfo.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.314254 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-6516 – HDF5 H5Fint.c H5F_addr_decode_len heap-based overflow
https://notcve.org/view.php?id=CVE-2025-6516
23 Jun 2025 — A vulnerability has been found in HDF5 up to 1.14.6 and classified as critical. This vulnerability affects the function H5F_addr_decode_len of the file /hdf5/src/H5Fint.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. • https://github.com/HDFGroup/hdf5/issues/5581 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2025-2926 – HDF5 H5Ocache.c H5O__cache_chk_serialize null pointer dereference
https://notcve.org/view.php?id=CVE-2025-2926
28 Mar 2025 — A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5O__cache_chk_serialize of the file src/H5Ocache.c. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. • https://github.com/HDFGroup/hdf5/issues/5384 • CWE-404: Improper Resource Shutdown or Release CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2025-2925 – HDF5 H5MM.c H5MM_realloc double free
https://notcve.org/view.php?id=CVE-2025-2925
28 Mar 2025 — A vulnerability has been found in HDF5 up to 1.14.6 and classified as problematic. This vulnerability affects the function H5MM_realloc of the file src/H5MM.c. The manipulation of the argument mem leads to double free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. • https://github.com/HDFGroup/hdf5/issues/5383 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-415: Double Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2025-2924 – HDF5 H5HLcache.c H5HL__fl_deserialize heap-based overflow
https://notcve.org/view.php?id=CVE-2025-2924
28 Mar 2025 — A vulnerability, which was classified as problematic, was found in HDF5 up to 1.14.6. This affects the function H5HL__fl_deserialize of the file src/H5HLcache.c. The manipulation of the argument free_block leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. • https://github.com/HDFGroup/hdf5/issues/5382 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2025-2915 – HDF5 H5Faccum.c H5F__accum_free heap-based overflow
https://notcve.org/view.php?id=CVE-2025-2915
28 Mar 2025 — A vulnerability classified as problematic was found in HDF5 up to 1.14.6. This vulnerability affects the function H5F__accum_free of the file src/H5Faccum.c. The manipulation of the argument overlap_size leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. • https://github.com/HDFGroup/hdf5/issues/5380 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 0CVE-2024-32608 – hdf5: multiple CVEs
https://notcve.org/view.php?id=CVE-2024-32608
25 Jun 2024 — HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. HDF5 library contains a memory corruption issue in H5A__close() function resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. This update for hdf5, netcdf, trilinos fixes the following issues. • https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 1CVE-2020-18232
https://notcve.org/view.php?id=CVE-2020-18232
22 Aug 2023 — Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file. • https://github.com/winson2004aa/PAAFS/tree/master/vul2 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 1CVE-2020-18494
https://notcve.org/view.php?id=CVE-2020-18494
22 Aug 2023 — Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file. • https://github.com/magicSwordsMan/PAAFS/tree/master/vul12 • CWE-787: Out-of-bounds Write •