CVE-2025-2925

HDF5 H5MM.c H5MM_realloc double free

Published: 3/28/2025 Last updated: 3/28/2025 Reserved: 3/28/2025

A vulnerability has been found in HDF5 up to 1.14.6 and classified as problematic. This vulnerability affects the function H5MM_realloc of the file src/H5MM.c. The manipulation of the argument mem leads to double free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

CNA assigner: VulDB (1af790b2-7ee1-4545-860a-a788eba489b5) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
4.0	4.8	Medium	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3.1	3.3	Low	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3.0	3.3	Low	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
2.0	1.7	Low	CVSS:2.0/AV:L/AC:L/Au:S/C:N/I:N/A:P

Opam packages affected (1)

hdf5

Products affected (1)

Product	Vendor	Version
HDF5	n/a	< V3.5.18.20

References (5)

https://vuldb.com/?id.301900
https://vuldb.com/?ctiid.301900
https://vuldb.com/?submit.521193
https://github.com/HDFGroup/hdf5/issues/5383
https://github.com/HDFGroup/hdf5/issues/5383