An update for hdf5 is now available for openEuler-24.03-LTS-SP2 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-1005 Final 1.0 1.0 2026-01-09 Initial 2026-01-09 2026-01-09 openEuler SA Tool V1.0 2026-01-09 hdf5 security update An update for hdf5 is now available for openEuler-24.03-LTS-SP2 HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF5. The HDF5 Technology suite includes tools and applications for managing, manipulating, viewing, and analyzing data in the HDF5 format. Security Fix(es): A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SM_delete of the file H5SM.c of the component h5 File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.(CVE-2025-2153) A vulnerability classified as problematic has been found in HDF5 up to 1.14.6. This affects the function H5FS__sinfo_Srialize_Sct_cb of the file src/H5FScache.c. The manipulation of the argument sect leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.(CVE-2025-2914) A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. Affected by this issue is the function H5O__mtime_new_encode of the file src/H5Omtime.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.(CVE-2025-6750) A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5O__fsinfo_encode of the file /src/H5Ofsinfo.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.(CVE-2025-6816) An update for hdf5 is now available for master/openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP3/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS/openEuler-24.03-LTS-Next/openEuler-24.03-LTS-SP1/openEuler-24.03-LTS-SP2/openEuler-24.03-LTS-SP3. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High hdf5 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1005 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-2153 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-2914 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-6750 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-6816 https://nvd.nist.gov/vuln/detail/CVE-2025-2153 https://nvd.nist.gov/vuln/detail/CVE-2025-2914 https://nvd.nist.gov/vuln/detail/CVE-2025-6750 https://nvd.nist.gov/vuln/detail/CVE-2025-6816 openEuler-24.03-LTS-SP2 hdf5-1.14.5-2.oe2403sp2.src.rpm hdf5-1.14.5-2.oe2403sp2.x86_64.rpm hdf5-debuginfo-1.14.5-2.oe2403sp2.x86_64.rpm hdf5-debugsource-1.14.5-2.oe2403sp2.x86_64.rpm hdf5-devel-1.14.5-2.oe2403sp2.x86_64.rpm hdf5-mpich-1.14.5-2.oe2403sp2.x86_64.rpm hdf5-mpich-devel-1.14.5-2.oe2403sp2.x86_64.rpm hdf5-mpich-static-1.14.5-2.oe2403sp2.x86_64.rpm hdf5-openmpi-1.14.5-2.oe2403sp2.x86_64.rpm hdf5-openmpi-devel-1.14.5-2.oe2403sp2.x86_64.rpm hdf5-openmpi-static-1.14.5-2.oe2403sp2.x86_64.rpm hdf5-1.14.5-2.oe2403sp2.aarch64.rpm hdf5-debuginfo-1.14.5-2.oe2403sp2.aarch64.rpm hdf5-debugsource-1.14.5-2.oe2403sp2.aarch64.rpm hdf5-devel-1.14.5-2.oe2403sp2.aarch64.rpm hdf5-mpich-1.14.5-2.oe2403sp2.aarch64.rpm hdf5-mpich-devel-1.14.5-2.oe2403sp2.aarch64.rpm hdf5-mpich-static-1.14.5-2.oe2403sp2.aarch64.rpm hdf5-openmpi-1.14.5-2.oe2403sp2.aarch64.rpm hdf5-openmpi-devel-1.14.5-2.oe2403sp2.aarch64.rpm hdf5-openmpi-static-1.14.5-2.oe2403sp2.aarch64.rpm A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SM_delete of the file H5SM.c of the component h5 File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. 2026-01-09 CVE-2025-2153 openEuler-24.03-LTS-SP2 High 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H hdf5 security update 2026-01-09 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1005 A vulnerability classified as problematic has been found in HDF5 up to 1.14.6. This affects the function H5FS__sinfo_Srialize_Sct_cb of the file src/H5FScache.c. The manipulation of the argument sect leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. 2026-01-09 CVE-2025-2914 openEuler-24.03-LTS-SP2 Low 3.3 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L hdf5 security update 2026-01-09 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1005 A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. Affected by this issue is the function H5O__mtime_new_encode of the file src/H5Omtime.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. 2026-01-09 CVE-2025-6750 openEuler-24.03-LTS-SP2 Low 3.3 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L hdf5 security update 2026-01-09 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1005 A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5O__fsinfo_encode of the file /src/H5Ofsinfo.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. 2026-01-09 CVE-2025-6816 openEuler-24.03-LTS-SP2 Low 3.3 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L hdf5 security update 2026-01-09 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1005