hdf5: fix CVE-2025-2310 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Libo Chen <libo.chen.cn@windriver.com>	2026-04-10 15:05:02 +0800
committer	Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-04-15 14:12:18 +0530
commit	c96f578f10812ea0be4bace170d62f1a116dc0fc (patch)
tree	73a7cd1c5b55cd423454a25b276645c5a08eb5a2 /meta-python/recipes-devtools/python/python3-strenum
parent	43572581cf07864489f7f89c6d29e68bffc76c0b (diff)
download	meta-openembedded-c96f578f10812ea0be4bace170d62f1a116dc0fc.tar.gz

hdf5: fix CVE-2025-2310

According to [1], A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MM_strndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Backport patch [2] from upstream to fix CVE-2025-2310 [1] https://nvd.nist.gov/vuln/detail/CVE-2025-2310 [2] https://github.com/HDFGroup/hdf5/commit/6c86f97e03c6dc7d7bd2bae9acc422bdc3438ff4 Signed-off-by: Libo Chen <libo.chen.cn@windriver.com> Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python3-strenum')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: