hdf5: fix CVE-2025-2153 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Libo Chen <libo.chen.cn@windriver.com>	2026-04-10 15:05:01 +0800
committer	Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-04-15 14:12:15 +0530
commit	43572581cf07864489f7f89c6d29e68bffc76c0b (patch)
tree	f57e9396f2753e4a851e0b8af2f47253adc3aff4 /meta-python/recipes-devtools/python
parent	151e634ed297eec8d9b269c2b08001fd76f4cc62 (diff)
download	meta-openembedded-43572581cf07864489f7f89c6d29e68bffc76c0b.tar.gz

hdf5: fix CVE-2025-2153

According to [1], A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SM_delete of the file H5SM.c of the component h5 File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Backport patch [2] from upstream to fix CVE-2025-2153 [1] https://nvd.nist.gov/vuln/detail/CVE-2025-2153 [2] https://github.com/HDFGroup/hdf5/commit/38954615fc079538aa45d48097625a6d76aceef0 Signed-off-by: Libo Chen <libo.chen.cn@windriver.com> Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>

Diffstat (limited to 'meta-python/recipes-devtools/python')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: