hdf5: fix CVE-2025-2309 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Libo Chen <libo.chen.cn@windriver.com>	2026-04-10 15:05:04 +0800
committer	Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-04-15 14:12:18 +0530
commit	6f240eceb0fe8ae357a4e5560bb7fb6dcae0e197 (patch)
tree	92e1a4e9c50391440abac0166d7dd2def0e55e76 /meta-python/recipes-devtools/python
parent	69fcb4d4b1bbd991f12185ef11dfe81561375887 (diff)
download	meta-openembedded-6f240eceb0fe8ae357a4e5560bb7fb6dcae0e197.tar.gz

hdf5: fix CVE-2025-2309

According to [1], A vulnerability has been found in HDF5 1.14.6 and classified as critical. This vulnerability affects the function H5T__bit_copy of the component Type Conversion Logic. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor plans to fix this issue in an upcoming release. Backport patch [2] from upstream to fix CVE-2025-2309 [1] https://nvd.nist.gov/vuln/detail/CVE-2025-2309 [2] https://github.com/HDFGroup/hdf5/commit/9d90b21ef5c5373978014f1a711795aa653bd9a1 Signed-off-by: Libo Chen <libo.chen.cn@windriver.com> Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>

Diffstat (limited to 'meta-python/recipes-devtools/python')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: