CVE-2025-6816
BaseFortify
Publication date: 2025-06-28
Last updated on: 2026-04-29
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hdfgroup | hdf5 | 1.14.6 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-6816 is a heap-based buffer overflow vulnerability in the HDF5 library version 1.14.6, specifically in the function H5O__fsinfo_encode located in src/H5Ofsinfo.c. The vulnerability occurs when this function writes one byte beyond the allocated heap buffer boundary during the encoding of file space information messages, causing a heap-buffer-overflow. This off-by-one overflow can lead to memory corruption and crashes when processing specially crafted HDF5 files. The issue requires local access to exploit and has a public proof-of-concept exploit available. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can cause denial of service (DoS) conditions by crashing applications that use the vulnerable HDF5 library when processing maliciously crafted files. It may also lead to memory corruption, potentially destabilizing the system or application. Exploitation requires local access, and the vulnerability is considered easy to exploit with a public proof-of-concept available. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the HDF5 library's handling of files, specifically by using fuzz testing tools such as the OSS-Fuzz harness `h5_extended_fuzzer.c` with AddressSanitizer enabled to identify heap-buffer-overflow issues in the function `H5O__fsinfo_encode`. Additionally, reproducing the issue using the provided proof-of-concept input file `hdf5_crash_3.txt` can help detect the vulnerability. There are no specific network detection commands since the attack requires local access and is triggered by crafted input files. For system detection, running the fuzzer or monitoring for crashes or memory corruption when opening HDF5 files with `H5Fopen` can indicate the presence of the vulnerability. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of HDF5 version 1.14.6 until a fixed version is released. Since the vulnerability is triggered by specially crafted input files, do not open untrusted or suspicious HDF5 files. If possible, replace the affected HDF5 component with an alternative or updated version once available. Monitoring for updates from the HDF5 project and applying patches promptly is recommended. No known countermeasures or mitigations currently exist other than these precautions. [3]
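To act on the advice above you first need to know which hosts and Python environments carry HDF5 1.14.6. The following inventory script is an added example, not code from the HDF5 project or from this page: it walks a set of directories, loads each `libhdf5` shared object and asks it for its version through the library's `H5get_libversion` call. The search roots and the assumption that only the release listed in the table above is affected are assumptions of the example.

```python
import ctypes
import os

# Affected release as listed in this page's vendor/product table.
AFFECTED = {(1, 14, 6)}
# Assumed search roots (constructed defaults, adjust per host).
DEFAULT_DIRS = ["/usr/lib", "/usr/lib64", "/usr/local/lib", "/opt"]


def is_affected(version):
    return tuple(version) in AFFECTED


def find_libraries(dirs):
    """Recursively collect libhdf5 shared objects, de-duplicated by real path."""
    paths = set()
    for root in dirs:
        for dirpath, _, files in os.walk(root):
            for name in files:
                if name.startswith("libhdf5") and (".so" in name or name.endswith(".dylib")):
                    paths.add(os.path.realpath(os.path.join(dirpath, name)))
    return sorted(paths)


def library_version(path):
    """Ask the library for its version via H5get_libversion; None if unreadable."""
    try:
        fn = ctypes.CDLL(path).H5get_libversion
    except (OSError, AttributeError):  # not loadable, or symbol not exported
        return None
    fn.argtypes = [ctypes.POINTER(ctypes.c_uint)] * 3
    fn.restype = ctypes.c_int
    major, minor, release = ctypes.c_uint(), ctypes.c_uint(), ctypes.c_uint()
    if fn(ctypes.byref(major), ctypes.byref(minor), ctypes.byref(release)) < 0:
        return None
    return (major.value, minor.value, release.value)


def scan(dirs=DEFAULT_DIRS):
    """Return (path, version or None, affected flag) for each library found."""
    report = []
    for path in find_libraries(dirs):
        version = library_version(path)
        report.append((path, version, version is not None and is_affected(version)))
    return report


if __name__ == "__main__":
    for path, version, flagged in scan():
        shown = ".".join(map(str, version)) if version else "unreadable"
        print(f"{'AFFECTED' if flagged else 'ok':9} {shown:12} {path}")
```

Loading a shared object runs its initialisers, so point the scan only at directories you trust, and include any Python `site-packages` trees where wheels bundle their own HDF5. Applications that link HDF5 statically will not appear in this inventory.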