CVE-2025-6816

NameCVE-2025-6816
DescriptionA vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5O__fsinfo_encode of the file /src/H5Ofsinfo.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1108482

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
hdf5 (PTS)bullseye1.10.6+repack-4+deb11u1vulnerable
bookworm1.10.8+repack1-1vulnerable
trixie1.14.5+repack-3vulnerable
forky, sid1.14.5+repack-4vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
hdf5source(unstable)(unfixed)1108482

Notes

[trixie] - hdf5 <no-dsa> (Minor issue)
[bookworm] - hdf5 <no-dsa> (Minor issue)
https://github.com/HDFGroup/hdf5/issues/5571
https://github.com/HDFGroup/hdf5/pull/5829
https://github.com/HDFGroup/hdf5/commit/29c847a43db0cdc85b01cafa5a7613ea73932675
Search for package or bug name: Reporting problems