Skip to content

Added entries for GH issues #5572 and #5573 #5928

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 3 commits into
base: develop
Choose a base branch
from
Draft

Added entries for GH issues #5572 and #5573 #5928

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
fe12b05
Added entries for GH issues #5572 and #5573
bmribler Oct 19, 2025
4bb788d
Fixed typos
bmribler Oct 20, 2025
0ec12a1
Merge branch 'develop' into update_changelog
lrknox Oct 21, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions release_docs/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -557,6 +557,20 @@ Added Fortran wrapper h5fdsubfiling_get_file_mapping_f() for the subfiling file

## Library

### Security issue CVE-2025-6817

A malformed file caused H5C__load_entry() to attempt to allocate a very large
buffer, resulting in a crash. This issue is indirectly fixed by PR #5710.

Fixes GitHub issue #5572

### Security issue CVE-2025-6818

A malformed file caused a heap-buffer-overflow in H5O__chunk_protect() and
the issue is indirectly fixed by PR #5829.

Fixes GitHub issue #5573

### Fixed security issue CVE-2025-2915 and OSV-2024-381

Fixed a heap-based buffer overflow in H5F__accum_free caused by an integer overflow when calculating new_accum_size. Added validation in H5O__mdci_decode to detect and reject invalid values early, preventing the overflow condition.
Expand Down