HDF5
cpe:2.3:a:hdfgroup:hdf5:*:*:*:*:*:*:*
- 1.14.6
This vulnerability is being actively exploited in the wild.
A heap-based buffer overflow vulnerability has been identified in HDF5 version 1.14.6. This issue arises in the H5O__fsinfo_encode function within the file /src/H5Ofsinfo.c. The vulnerability can be exploited locally, leading to a denial-of-service condition.
Exploitation of this vulnerability causes a heap-based buffer overflow, which can lead to memory corruption and potentially allow for arbitrary code execution.
The vulnerability can be reproduced by compiling HDF5 with AddressSanitizer enabled, using Clang as the compiler. After building the library, the H5 extended fuzzer, also available on GitHub, can be used to trigger the vulnerability by sending specially crafted input that exploits the buffer overflow in the H5O__fsinfo_encode function.