Hdfgroup Hdf5 vulnerabilities

131 known vulnerabilities affecting hdfgroup/hdf5.

Total CVEs: 131
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 19, HIGH 47, MEDIUM 64, LOW 1

Vulnerabilities

CVE-2026-29043 | MEDIUM | CVSS 5.5 | ≤ 1.14.1-2 | 2026-04-10
CWE-122: HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition in the H5T__ref_mem_setnull method. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on the practical exploita
nvd
CVE-2026-34734 | HIGH | CVSS 7.8 | ≤ 1.14.1-2 | 2026-04-09
CWE-416: HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utility. An attacker who can supply a malicious h5 file can trigger a heap use-after-free. The freed object is referenced in a memmove call from H5T__conv_struct. The original object was allocated by H5D__typeinfo_init_phase3 and freed by H
nvd
CVE-2026-26200 | HIGH | CVSS 7.8 | fixed in 1.14.4.2 | fixed in 1.14.4-2 | 2026-02-19
CWE-122: HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an `h5` file parsed by HDF5 can trigger a write-based heap buffer overflow condition. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on the practical exploitability of the heap overflow agai
nvd
CVE-2025-7069 | MEDIUM | CVSS 4.8 | v1.14.6 | 2025-07-04
CWE-119: A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FS__sect_link_size of the file src/H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
nvd
CVE-2025-7068 | MEDIUM | CVSS 4.8 | v1.14.6 | 2025-07-04
CWE-401: A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5FL__malloc of the file src/H5FL.c. The manipulation leads to memory leak. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
nvd
CVE-2025-7067 | MEDIUM | CVSS 4.8 | v1.14.6 | 2025-07-04
CWE-119: A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5FS__sinfo_serialize_node_cb of the file src/H5FScache.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
nvd
CVE-2025-6857 | MEDIUM | CVSS 4.8 | v1.14.6 | 2025-06-29
CWE-119: A vulnerability has been found in HDF5 1.14.6 and classified as problematic. Affected by this vulnerability is the function H5G__node_cmp3 of the file src/H5Gnode.c. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
nvd
CVE-2025-6858 | MEDIUM | CVSS 4.8 | v1.14.6 | 2025-06-29
CWE-404: A vulnerability was found in HDF5 1.14.6 and classified as problematic. Affected by this issue is the function H5C__flush_single_entry of the file src/H5Centry.c. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
nvd
CVE-2025-6856 | MEDIUM | CVSS 4.8 | v1.14.6 | 2025-06-29
CWE-119: A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FL__reg_gc_list of the file src/H5FL.c. The manipulation leads to use after free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
nvd
CVE-2025-6816 | MEDIUM | CVSS 4.8 | v1.14.6 | 2025-06-28
CWE-119: A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5O__fsinfo_encode of the file /src/H5Ofsinfo.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
nvd
CVE-2025-6818 | MEDIUM | CVSS 4.8 | v1.14.6 | 2025-06-28
CWE-119: A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5O__chunk_protect of the file /src/H5Ochunk.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
nvd
CVE-2025-6817 | MEDIUM | CVSS 4.8 | v1.14.6 | 2025-06-28
CWE-400: A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5C__load_entry of the file /src/H5Centry.c. The manipulation leads to resource consumption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
nvd
CVE-2025-6750 | MEDIUM | CVSS 4.8 | v1.14.6 | 2025-06-27
CWE-119: A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. Affected by this issue is the function H5O__mtime_new_encode of the file src/H5Omtime.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
nvd
CVE-2025-6516 | MEDIUM | CVSS 4.8 | ≤ 1.14.6 | v1.14.0 +6 more | 2025-06-23
CWE-119: A vulnerability has been found in HDF5 up to 1.14.6 and classified as critical. This vulnerability affects the function H5F_addr_decode_len of the file /hdf5/src/H5Fint.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
nvd
CVE-2025-6270 | MEDIUM | CVSS 4.8 | fixed in 2.0.0 | v1.14.0 +6 more | 2025-06-19
CWE-119: A vulnerability, which was classified as critical, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5FS__sect_find_node of the file H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
nvd
CVE-2025-6269 | MEDIUM | CVSS 4.8 | ≤ 1.14.6 | v1.14.0 +6 more | 2025-06-19
CWE-119: A vulnerability classified as critical was found in HDF5 up to 1.14.6. Affected by this vulnerability is the function H5C__reconstruct_cache_entry of the file H5Cimage.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
nvd
CVE-2025-44904 | HIGH | CVSS 8.8 | v1.14.6 | 2025-05-30
CWE-122: hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5VM_memcpyvv function.
nvd
CVE-2025-44905 | HIGH | CVSS 8.8 | v1.14.6 | 2025-05-30
CWE-122: hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5Z__filter_scaleoffset function.
nvd
CVE-2025-2912 | MEDIUM | CVSS 4.8 | fixed in 2.0.0 | v1.14.0 +6 more | 2025-03-28
CWE-119: A vulnerability was found in HDF5 up to 1.14.6. It has been declared as problematic. Affected by this vulnerability is the function H5O_msg_flush of the file src/H5Omessage.c. The manipulation of the argument oh leads to heap-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
nvd
CVE-2025-2923 | MEDIUM | CVSS 4.8 | fixed in 1.14.6 | v1.14.0 +6 more | 2025-03-28
CWE-119: A vulnerability, which was classified as problematic, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5F_addr_encode_len of the file src/H5Fint.c. The manipulation of the argument pp leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
nvd
Hdfgroup Hdf5 vulnerabilities | cvebase