#1103532 hdf5: CVE-2025-2925

Package:
src:hdf5
Source:
src:hdf5
Submitter:
Salvatore Bonaccorso
Date:
2025-04-18 19:30:02 UTC
Severity:
normal
Tags:
#1103532#5
Date:
2025-04-18 19:26:40 UTC
From:
To:
Hi,

The following vulnerability was published for hdf5.

CVE-2025-2925[0]:
| A vulnerability has been found in HDF5 up to 1.14.6 and classified
| as problematic. This vulnerability affects the function H5MM_realloc
| of the file src/H5MM.c. The manipulation of the argument mem leads
| to double free. The attack needs to be approached locally. The
| exploit has been disclosed to the public and may be used.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-2925
https://www.cve.org/CVERecord?id=CVE-2025-2925
[1] https://github.com/HDFGroup/hdf5/issues/5383

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore