{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"High" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"hdf5 security update", "category":"general", "title":"Synopsis" }, { "text":"An update for hdf5 is now available for openEuler-22.03-LTS-SP4", "category":"general", "title":"Summary" }, { "text":"HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF5. The HDF5 Technology suite includes tools and applications for managing, manipulating, viewing, and analyzing data in the HDF5 format.\n\nSecurity Fix(es):\n\nA vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SM_delete of the file H5SM.c of the component h5 File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.(CVE-2025-2153)\n\nA vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MM_strndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor plans to fix this issue in an upcoming release.(CVE-2025-2310)\n\nA vulnerability was found in HDF5 up to 1.14.6. It has been declared as problematic. Affected by this vulnerability is the function H5O_msg_flush of the file src/H5Omessage.c. The manipulation of the argument oh leads to heap-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.(CVE-2025-2912)\n\nA vulnerability was found in HDF5 up to 1.14.6. It has been rated as critical. Affected by this issue is the function H5FL__blk_gc_list of the file src/H5FL.c. The manipulation of the argument H5FL_blk_head_t leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.(CVE-2025-2913)\n\nA vulnerability classified as problematic has been found in HDF5 up to 1.14.6. This affects the function H5FS__sinfo_Srialize_Sct_cb of the file src/H5FScache.c. The manipulation of the argument sect leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.(CVE-2025-2914)\n\nA vulnerability, which was classified as problematic, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5F_addr_encode_len of the file src/H5Fint.c. The manipulation of the argument pp leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.(CVE-2025-2923)\n\nA vulnerability, which was classified as problematic, was found in HDF5 up to 1.14.6. This affects the function H5HL__fl_deserialize of the file src/H5HLcache.c. The manipulation of the argument free_block leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.(CVE-2025-2924)\n\nA vulnerability has been found in HDF5 up to 1.14.6 and classified as problematic. This vulnerability affects the function H5MM_realloc of the file src/H5MM.c. The manipulation of the argument mem leads to double free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.(CVE-2025-2925)\n\nA vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5O__cache_chk_serialize of the file src/H5Ocache.c. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.(CVE-2025-2926)\n\nhdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5Z__filter_scaleoffset function.(CVE-2025-44905)\n\nA vulnerability classified as critical was found in HDF5 up to 1.14.6. Affected by this vulnerability is the function H5C__reconstruct_cache_entry of the file H5Cimage.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.(CVE-2025-6269)\n\nA vulnerability has been found in HDF5 up to 1.14.6 and classified as critical. This vulnerability affects the function H5F_addr_decode_len of the file /hdf5/src/H5Fint.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.(CVE-2025-6516)\n\nA vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. Affected by this issue is the function H5O__mtime_new_encode of the file src/H5Omtime.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.(CVE-2025-6750)\n\nA vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5O__fsinfo_encode of the file /src/H5Ofsinfo.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.(CVE-2025-6816)\n\nA vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5O__chunk_protect of the file /src/H5Ochunk.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.(CVE-2025-6818)\n\nA vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FL__reg_gc_list of the file src/H5FL.c. The manipulation leads to use after free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.(CVE-2025-6856)\n\nA vulnerability has been found in HDF5 1.14.6 and classified as problematic. Affected by this vulnerability is the function H5G__node_cmp3 of the file src/H5Gnode.c. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.(CVE-2025-6857)\n\nA vulnerability was found in HDF5 1.14.6 and classified as problematic. Affected by this issue is the function H5C__flush_single_entry of the file src/H5Centry.c. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.(CVE-2025-6858)\n\nA vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5FS__sinfo_serialize_node_cb of the file src/H5FScache.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.(CVE-2025-7067)\n\nA vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5FL__malloc of the file src/H5FL.c. The manipulation leads to memory leak. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.(CVE-2025-7068)", "category":"general", "title":"Description" }, { "text":"An update for hdf5 is now available for master/openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP3/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS/openEuler-24.03-LTS-Next/openEuler-24.03-LTS-SP1/openEuler-24.03-LTS-SP2/openEuler-24.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"High", "category":"general", "title":"Severity" }, { "text":"hdf5", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2026-1133", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1133" }, { "summary":"CVE-2025-2153", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-2153&packageName=hdf5" }, { "summary":"CVE-2025-2310", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-2310&packageName=hdf5" }, { "summary":"CVE-2025-2912", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-2912&packageName=hdf5" }, { "summary":"CVE-2025-2913", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-2913&packageName=hdf5" }, { "summary":"CVE-2025-2914", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-2914&packageName=hdf5" }, { "summary":"CVE-2025-2923", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-2923&packageName=hdf5" }, { "summary":"CVE-2025-2924", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-2924&packageName=hdf5" }, { "summary":"CVE-2025-2925", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-2925&packageName=hdf5" }, { "summary":"CVE-2025-2926", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-2926&packageName=hdf5" }, { "summary":"CVE-2025-44905", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-44905&packageName=hdf5" }, { "summary":"CVE-2025-6269", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-6269&packageName=hdf5" }, { "summary":"CVE-2025-6516", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-6516&packageName=hdf5" }, { "summary":"CVE-2025-6750", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-6750&packageName=hdf5" }, { "summary":"CVE-2025-6816", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-6816&packageName=hdf5" }, { "summary":"CVE-2025-6818", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-6818&packageName=hdf5" }, { "summary":"CVE-2025-6856", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-6856&packageName=hdf5" }, { "summary":"CVE-2025-6857", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-6857&packageName=hdf5" }, { "summary":"CVE-2025-6858", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-6858&packageName=hdf5" }, { "summary":"CVE-2025-7067", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-7067&packageName=hdf5" }, { "summary":"CVE-2025-7068", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-7068&packageName=hdf5" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2153" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2310" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2912" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2913" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2914" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2923" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2924" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2925" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2926" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-44905" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6269" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6516" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6750" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6816" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6818" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6856" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6857" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6858" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7067" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7068" }, { "summary":"openEuler-SA-2026-1133 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2026/csaf-openeuler-sa-2026-1133.json" } ], "title":"An update for hdf5 is now available for openEuler-22.03-LTS-SP4", "tracking":{ "initial_release_date":"2026-01-22T09:58:47+08:00", "revision_history":[ { "date":"2026-01-22T09:58:47+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-01-22T09:58:47+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-01-22T09:58:47+08:00", "id":"openEuler-SA-2026-1133", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"openEuler-22.03-LTS-SP4", "name":"openEuler-22.03-LTS-SP4" }, "name":"openEuler-22.03-LTS-SP4", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"hdf5-1.14.5-3.oe2203sp4.aarch64.rpm", "name":"hdf5-1.14.5-3.oe2203sp4.aarch64.rpm" }, "name":"hdf5-1.14.5-3.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64.rpm", "name":"hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64.rpm" }, "name":"hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64.rpm", "name":"hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64.rpm" }, "name":"hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"hdf5-devel-1.14.5-3.oe2203sp4.aarch64.rpm", "name":"hdf5-devel-1.14.5-3.oe2203sp4.aarch64.rpm" }, "name":"hdf5-devel-1.14.5-3.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"hdf5-mpich-1.14.5-3.oe2203sp4.aarch64.rpm", "name":"hdf5-mpich-1.14.5-3.oe2203sp4.aarch64.rpm" }, "name":"hdf5-mpich-1.14.5-3.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64.rpm", "name":"hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64.rpm" }, "name":"hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64.rpm", "name":"hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64.rpm" }, "name":"hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64.rpm", "name":"hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64.rpm" }, "name":"hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64.rpm", "name":"hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64.rpm" }, "name":"hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64.rpm", "name":"hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64.rpm" }, "name":"hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"hdf5-1.14.5-3.oe2203sp4.src.rpm", "name":"hdf5-1.14.5-3.oe2203sp4.src.rpm" }, "name":"hdf5-1.14.5-3.oe2203sp4.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"hdf5-1.14.5-3.oe2203sp4.x86_64.rpm", "name":"hdf5-1.14.5-3.oe2203sp4.x86_64.rpm" }, "name":"hdf5-1.14.5-3.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64.rpm", "name":"hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64.rpm" }, "name":"hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64.rpm", "name":"hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64.rpm" }, "name":"hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"hdf5-devel-1.14.5-3.oe2203sp4.x86_64.rpm", "name":"hdf5-devel-1.14.5-3.oe2203sp4.x86_64.rpm" }, "name":"hdf5-devel-1.14.5-3.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"hdf5-mpich-1.14.5-3.oe2203sp4.x86_64.rpm", "name":"hdf5-mpich-1.14.5-3.oe2203sp4.x86_64.rpm" }, "name":"hdf5-mpich-1.14.5-3.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64.rpm", "name":"hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64.rpm" }, "name":"hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64.rpm", "name":"hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64.rpm" }, "name":"hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64.rpm", "name":"hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64.rpm" }, "name":"hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64.rpm", "name":"hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64.rpm" }, "name":"hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64.rpm", "name":"hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64.rpm" }, "name":"hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"hdf5-1.14.5-3.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "name":"hdf5-1.14.5-3.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "name":"hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "name":"hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"hdf5-devel-1.14.5-3.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "name":"hdf5-devel-1.14.5-3.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"hdf5-mpich-1.14.5-3.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "name":"hdf5-mpich-1.14.5-3.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "name":"hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "name":"hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "name":"hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "name":"hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "name":"hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"hdf5-1.14.5-3.oe2203sp4.src.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "name":"hdf5-1.14.5-3.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"hdf5-1.14.5-3.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "name":"hdf5-1.14.5-3.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "name":"hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "name":"hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"hdf5-devel-1.14.5-3.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "name":"hdf5-devel-1.14.5-3.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"hdf5-mpich-1.14.5-3.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "name":"hdf5-mpich-1.14.5-3.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "name":"hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "name":"hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "name":"hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "name":"hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64", "name":"hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2025-2153", "notes":[ { "text":"A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SM_delete of the file H5SM.c of the component h5 File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1133" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.1, "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-2153" }, { "cve":"CVE-2025-2310", "notes":[ { "text":"A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MM_strndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor plans to fix this issue in an upcoming release.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1133" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-2310" }, { "cve":"CVE-2025-2912", "notes":[ { "text":"A vulnerability was found in HDF5 up to 1.14.6. It has been declared as problematic. Affected by this vulnerability is the function H5O_msg_flush of the file src/H5Omessage.c. The manipulation of the argument oh leads to heap-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1133" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.3, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-2912" }, { "cve":"CVE-2025-2913", "notes":[ { "text":"A vulnerability was found in HDF5 up to 1.14.6. It has been rated as critical. Affected by this issue is the function H5FL__blk_gc_list of the file src/H5FL.c. The manipulation of the argument H5FL_blk_head_t leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1133" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.3, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-2913" }, { "cve":"CVE-2025-2914", "notes":[ { "text":"A vulnerability classified as problematic has been found in HDF5 up to 1.14.6. This affects the function H5FS__sinfo_Srialize_Sct_cb of the file src/H5FScache.c. The manipulation of the argument sect leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1133" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"LOW", "baseScore":3.3, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] } ], "threats":[ { "details":"Low", "category":"impact" } ], "title":"CVE-2025-2914" }, { "cve":"CVE-2025-2923", "notes":[ { "text":"A vulnerability, which was classified as problematic, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5F_addr_encode_len of the file src/H5Fint.c. The manipulation of the argument pp leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1133" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"LOW", "baseScore":3.3, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] } ], "threats":[ { "details":"Low", "category":"impact" } ], "title":"CVE-2025-2923" }, { "cve":"CVE-2025-2924", "notes":[ { "text":"A vulnerability, which was classified as problematic, was found in HDF5 up to 1.14.6. This affects the function H5HL__fl_deserialize of the file src/H5HLcache.c. The manipulation of the argument free_block leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1133" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-2924" }, { "cve":"CVE-2025-2925", "notes":[ { "text":"A vulnerability has been found in HDF5 up to 1.14.6 and classified as problematic. This vulnerability affects the function H5MM_realloc of the file src/H5MM.c. The manipulation of the argument mem leads to double free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1133" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-2925" }, { "cve":"CVE-2025-2926", "notes":[ { "text":"A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5O__cache_chk_serialize of the file src/H5Ocache.c. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1133" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-2926" }, { "cve":"CVE-2025-44905", "notes":[ { "text":"hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5Z__filter_scaleoffset function.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1133" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-44905" }, { "cve":"CVE-2025-6269", "notes":[ { "text":"A vulnerability classified as critical was found in HDF5 up to 1.14.6. Affected by this vulnerability is the function H5C__reconstruct_cache_entry of the file H5Cimage.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1133" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.3, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-6269" }, { "cve":"CVE-2025-6516", "notes":[ { "text":"A vulnerability has been found in HDF5 up to 1.14.6 and classified as critical. This vulnerability affects the function H5F_addr_decode_len of the file /hdf5/src/H5Fint.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1133" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-6516" }, { "cve":"CVE-2025-6750", "notes":[ { "text":"A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. Affected by this issue is the function H5O__mtime_new_encode of the file src/H5Omtime.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1133" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"LOW", "baseScore":3.3, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] } ], "threats":[ { "details":"Low", "category":"impact" } ], "title":"CVE-2025-6750" }, { "cve":"CVE-2025-6816", "notes":[ { "text":"A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5O__fsinfo_encode of the file /src/H5Ofsinfo.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1133" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"LOW", "baseScore":3.3, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] } ], "threats":[ { "details":"Low", "category":"impact" } ], "title":"CVE-2025-6816" }, { "cve":"CVE-2025-6818", "notes":[ { "text":"A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5O__chunk_protect of the file /src/H5Ochunk.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1133" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-6818" }, { "cve":"CVE-2025-6856", "notes":[ { "text":"A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FL__reg_gc_list of the file src/H5FL.c. The manipulation leads to use after free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1133" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-6856" }, { "cve":"CVE-2025-6857", "notes":[ { "text":"A vulnerability has been found in HDF5 1.14.6 and classified as problematic. Affected by this vulnerability is the function H5G__node_cmp3 of the file src/H5Gnode.c. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1133" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-6857" }, { "cve":"CVE-2025-6858", "notes":[ { "text":"A vulnerability was found in HDF5 1.14.6 and classified as problematic. Affected by this issue is the function H5C__flush_single_entry of the file src/H5Centry.c. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1133" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-6858" }, { "cve":"CVE-2025-7067", "notes":[ { "text":"A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5FS__sinfo_serialize_node_cb of the file src/H5FScache.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1133" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-7067" }, { "cve":"CVE-2025-7068", "notes":[ { "text":"A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5FL__malloc of the file src/H5FL.c. The manipulation leads to memory leak. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1133" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.src", "openEuler-22.03-LTS-SP4:hdf5-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debuginfo-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-debugsource-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-mpich-static-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-devel-1.14.5-3.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:hdf5-openmpi-static-1.14.5-3.oe2203sp4.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-7068" } ] }