CVE-2025-6750
BaseFortify
Publication date: 2025-06-27
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hdfgroup | hdf5 | 1.14.6 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-6750 is a heap-based buffer overflow vulnerability in the HDF5 library version 1.14.6, specifically in the function H5O__mtime_new_encode within the source file src/H5Omtime.c. The vulnerability occurs when the function writes beyond the allocated heap buffer while encoding modification time metadata, leading to memory corruption. This overflow can be triggered by processing specially crafted input and requires local access to exploit. [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can lead to memory corruption and potential crashes of applications using the affected HDF5 library. It may cause denial of service (DoS) conditions and could be exploited locally to disrupt system availability. The exploit requires local access and low attack complexity, but no remote exploitation is possible. There are no known mitigations currently, so affected users should consider replacing or updating the component. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by reproducing the heap-based buffer overflow using fuzz testing techniques similar to those used in the OSS-Fuzz project with the `h5_extended_fuzzer.c` harness. Detection involves running the HDF5 library with sanitizers such as AddressSanitizer enabled to catch out-of-bounds writes during processing of HDF5 files. Specific commands include cloning the HDF5 repository, building it with sanitizers enabled (e.g., Clang with AddressSanitizer), compiling the fuzzing harness, and running the fuzzer to trigger the overflow. Exact commands are not provided, but the process involves standard build and fuzzing steps as described in the issue report. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of the affected HDF5 version 1.14.6 until a fixed version is released. Since no known countermeasures or patches are currently available, users are advised to replace or upgrade the affected component when a fix is published (planned for version 2.0.0). Additionally, restricting local access to trusted users only can reduce risk, as exploitation requires local access. Monitoring for updates from the HDF Group and applying patches promptly once available is recommended. [3, 2]