First published: Fri Mar 14 2025(Updated: )
A vulnerability, which was classified as critical, was found in HDF5 1.14.6. This affects the function H5Z__scaleoffset_decompress_one_byte of the component Scale-Offset Filter. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor plans to fix this issue in an upcoming release.
Credit: cna@vuldb.com
Affected Software | Affected Version | How to fix |
---|---|---|
HDF5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2025-2308 is classified as a critical vulnerability.
CVE-2025-2308 affects HDF5 version 1.14.6.
To fix CVE-2025-2308, you should upgrade to a version of HDF5 that addresses this vulnerability.
CVE-2025-2308 is a heap-based buffer overflow vulnerability.
Yes, an attacker must have local access to exploit CVE-2025-2308.