HDF5 Heap-Based Buffer Overflow Vulnerability in H5O__chunk_protect Function

Vulnerability

A heap-based buffer overflow vulnerability has been identified in HDF5 version 1.14.6. The issue arises in the H5O__chunk_protect function within the file src/H5Ochunk.c. This vulnerability can be exploited locally, leading to a denial-of-service condition.

Impact

Exploitation of this vulnerability causes a heap-based buffer overflow, which can disrupt the normal operation of the application and potentially allow for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by compiling HDF5 with AddressSanitizer (ASan) enabled, using Clang as the compiler. After building the library, the H5 extended fuzzer, also available on GitHub, can be used to trigger the vulnerability by supplying specially crafted input that reaches the buffer overflow in the H5O__chunk_protect function.
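
To confirm that a crash from a sanitizer-instrumented build is this issue and not a different HDF5 bug, the faulting frame of the sanitizer report can be checked against the function and file named above. The Python triage helper below is an added example, not part of the original advisory or of HDF5. Its sample report is constructed: the addresses, sizes, line numbers, READ access kind and placeholder_* frames are assumptions.

```python
import re

# Constructed ASan report (illustration only): addresses, sizes, line numbers,
# the READ access kind and the placeholder_* frames are not from a real crash.
SAMPLE_REPORT = """\
==12345==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000018 at pc 0x000000500000 bp 0x7ffc00000000 sp 0x7ffc00000008
READ of size 8 at 0x602000000018 thread T0
    #0 0x500000 in H5O__chunk_protect /build/hdf5/src/H5Ochunk.c:1:1
    #1 0x500100 in placeholder_caller /build/hdf5/src/placeholder.c:1:1
    #2 0x500200 in main /build/harness.c:1:1

0x602000000018 is located 0 bytes after 24-byte region [0x602000000000,0x602000000018)
allocated by thread T0 here:
    #0 0x4a0000 in malloc (/build/harness+0x4a0000)
    #1 0x500300 in placeholder_alloc /build/hdf5/src/placeholder.c:2:1
"""

ERROR_RE = re.compile(r"ERROR: AddressSanitizer: (\S+) on address")
ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+)", re.M)
FRAME_RE = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (\S+) (\S+)", re.M)
RUNTIME_PREFIXES = ("__asan_", "__interceptor_", "__sanitizer_")


def parse_crash(report):
    """Return error type, access kind/size and crash-stack frames, or None."""
    err = ERROR_RE.search(report)
    if not err:
        return None
    # The crash stack ends at the first blank line; the allocation stack follows.
    head = report[err.start():].split("\n\n", 1)[0]
    acc = ACCESS_RE.search(head)
    frames = [(fn, re.sub(r"(:\d+)+$", "", loc)) for fn, loc in FRAME_RE.findall(head)]
    return {"error": err.group(1), "access": acc.group(1) if acc else None,
            "size": int(acc.group(2)) if acc else None, "frames": frames}


def matches_advisory(report, func="H5O__chunk_protect", src="src/H5Ochunk.c"):
    """True if a heap-buffer-overflow faults in func/src, ignoring ASan runtime frames."""
    crash = parse_crash(report)
    if not crash or crash["error"] != "heap-buffer-overflow":
        return False
    # When the access happens inside an intercepted libc call, frame #0 is the
    # sanitizer runtime; the first non-runtime frame is the faulting function.
    for fn, loc in crash["frames"]:
        if not fn.startswith(RUNTIME_PREFIXES):
            return fn == func and loc.endswith(src)
    return False
```

Run over a directory of saved reports, `matches_advisory` separates crashes attributable to this advisory from unrelated findings before re-testing a patched build.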

Added: Jun 28, 2025, 4:20 PM
Updated: Jun 28, 2025, 4:20 PM

Vulnerability Rating

Custom Algorithm

spread: 5.4
impact: 2.5
exploitability: 4.6
remediation: 0.0
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.