Buffer Overflow Affecting hdf5 package, versions [,1.13.1)[1.14.0,1.14.1)


Severity

medium

CVSS assessment by Snyk's Security Team.

Threat Intelligence

  • Exploit Maturity: Proof of Concept
  • EPSS: 0.06% (18th percentile)

  • Snyk ID: SNYK-CONAN-HDF5-10076038
  • Published: 8 May 2025
  • Disclosed: 6 Feb 2023
  • Credit: ST4RF4LL

Introduced: 6 Feb 2023

CVE-2021-37501
CWE-120

How to fix?

Upgrade hdf5 to version 1.13.1, 1.14.1 or higher.

Overview

Affected versions of this package are vulnerable to Buffer Overflow via h5tools_str_sprint in /hdf5/tools/lib/h5tools_str.c.

CVSS Base Scores

version 3.1