CVE-2025-2925

Name: CVE-2025-2925
Description: A vulnerability has been found in HDF5 up to 1.14.6 and classified as problematic. This vulnerability affects the function H5MM_realloc of the file src/H5MM.c. The manipulation of the argument mem leads to double free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| hdf5 (PTS) | bullseye | 1.10.6+repack-4+deb11u1 | vulnerable |
| hdf5 | bookworm | 1.10.8+repack1-1 | vulnerable |
| hdf5 | sid, trixie | 1.14.5+repack-3 | vulnerable |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| hdf5 | source | (unstable) | (unfixed) | | | |

Notes

https://github.com/HDFGroup/hdf5/issues/5383
