Primary

Context

HDF5 Heap-Based Buffer Overflow Vulnerability in Scale-Offset Filter Decompression Function

Vulnerability

A critical heap-based buffer overflow vulnerability has been identified in HDF5 version 1.14.6. This issue arises in the Scale-Offset Filter's decompression function, H5Z__scaleoffset_decompress_one_byte, where the library improperly handles data, leading to a heap memory overflow. The vulnerability requires local exploitation.

Impact

Exploitation of this vulnerability causes a heap-based buffer overflow, which can lead to memory corruption and potentially allow for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by compiling HDF5 with AddressSanitizer enabled, using Clang as the compiler. After building the library, the 'h5dump' tool can be used to read a crafted HDF5 file that triggers the buffer overflow. The AddressSanitizer will report the heap-buffer-overflow error, indicating that the vulnerability has been successfully exploited.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

10.0

exploitability

4.6

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

10.0

exploitability

4.6

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

HDF5 Heap-Based Buffer Overflow Vulnerability in Scale-Offset Filter Decompression Function

Vulnerability

Impact

Reproduction

Affected Products

HDF5

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating