CVE-2025-2308: HDF5 Scale-Offset Filter H5Z__scaleoffset_decompress_one_byte heap-based overflow
First published: Fri Mar 14 2025(Updated: )
A vulnerability, which was classified as critical, was found in HDF5 1.14.6. This affects the function H5Z__scaleoffset_decompress_one_byte of the component Scale-Offset Filter. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor plans to fix this issue in an upcoming release.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HDF5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-2308?
CVE-2025-2308 is classified as a critical vulnerability.
What software is affected by CVE-2025-2308?
CVE-2025-2308 affects HDF5 version 1.14.6.
How do I fix CVE-2025-2308?
To fix CVE-2025-2308, you should upgrade to a version of HDF5 that addresses this vulnerability.
What type of vulnerability is CVE-2025-2308?
CVE-2025-2308 is a heap-based buffer overflow vulnerability.
Is local access required to exploit CVE-2025-2308?
Yes, an attacker must have local access to exploit CVE-2025-2308.
- agent/weakness
- agent/references
- agent/title
- agent/type
- agent/first-publish-date
- agent/severity
- agent/author
- agent/source
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/description
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- vendor/hdf group
- canonical/hdf5