Hdf5
by Hdfgroup
Source repositories
CVEs (72)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-2925 | Low | 0.21 | 3.3 | 0.00 | Mar 28, 2025 | A vulnerability has been found in HDF5 up to 1.14.6 and classified as problematic. This vulnerability affects the function H5MM_realloc of the file src/H5MM.c. The manipulation of the argument mem leads to double free. The attack needs to be approached locally. The exploit has… | ||
| CVE-2025-2924 | Low | 0.21 | 3.3 | 0.00 | Mar 28, 2025 | A vulnerability, which was classified as problematic, was found in HDF5 up to 1.14.6. This affects the function H5HL__fl_deserialize of the file src/H5HLcache.c. The manipulation of the argument free_block leads to heap-based buffer overflow. It is possible to launch the attack… | ||
| CVE-2025-2915 | Low | 0.21 | 3.3 | 0.00 | Mar 28, 2025 | A vulnerability classified as problematic was found in HDF5 up to 1.14.6. This vulnerability affects the function H5F__accum_free of the file src/H5Faccum.c. The manipulation of the argument overlap_size leads to heap-based buffer overflow. Attacking locally is a requirement.… | ||
| CVE-2025-2914 | Low | 0.21 | 3.3 | 0.00 | Mar 28, 2025 | A vulnerability classified as problematic has been found in HDF5 up to 1.14.6. This affects the function H5FS__sinfo_Srialize_Sct_cb of the file src/H5FScache.c. The manipulation of the argument sect leads to heap-based buffer overflow. Local access is required to approach this… | ||
| CVE-2025-2923 | Low | 0.14 | 3.3 | 0.00 | Mar 28, 2025 | A vulnerability, which was classified as problematic, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5F_addr_encode_len of the file src/H5Fint.c. The manipulation of the argument pp leads to heap-based buffer overflow. Attacking locally is a… | ||
| CVE-2025-2913 | Low | 0.14 | 3.3 | 0.00 | Mar 28, 2025 | A vulnerability was found in HDF5 up to 1.14.6. It has been rated as critical. Affected by this issue is the function H5FL__blk_gc_list of the file src/H5FL.c. The manipulation of the argument H5FL_blk_head_t leads to use after free. An attack has to be approached locally. The… | ||
| CVE-2025-2912 | Low | 0.14 | 3.3 | 0.00 | Mar 28, 2025 | A vulnerability was found in HDF5 up to 1.14.6. It has been declared as problematic. Affected by this vulnerability is the function H5O_msg_flush of the file src/H5Omessage.c. The manipulation of the argument oh leads to heap-based buffer overflow. The attack needs to be… | ||
| CVE-2026-26200 | 0.00 | — | 0.00 | Feb 19, 2026 | HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an `h5` file parsed by HDF5 can trigger a write-based heap buffer overflow condition. This can lead to a denial-of-service condition, and potentially further issues such as remote code… | |||
| CVE-2024-29166 | 0.00 | — | 0.00 | May 9, 2024 | HDF5 through 1.14.3 contains a buffer overflow in H5O__linfo_decode, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. | |||
| CVE-2024-29165 | 0.00 | — | 0.00 | May 9, 2024 | HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_fletcher32, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. | |||
| CVE-2024-29164 | 0.00 | — | 0.01 | May 9, 2024 | HDF5 through 1.14.3 contains a stack buffer overflow in H5R__decode_heap, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. | |||
| CVE-2024-29163 | 0.00 | — | 0.00 | May 9, 2024 | HDF5 through 1.14.3 contains a heap buffer overflow in H5T__bit_find, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. | |||
| CVE-2024-29162 | 0.00 | — | 0.00 | May 9, 2024 | HDF5 through 1.13.3 and/or 1.14.2 contains a stack buffer overflow in H5HG_read, resulting in denial of service or potential code execution. | |||
| CVE-2024-29161 | 0.00 | — | 0.01 | May 9, 2024 | HDF5 through 1.14.3 contains a heap buffer overflow in H5A__attr_release_table, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. | |||
| CVE-2024-29159 | 0.00 | — | 0.01 | May 9, 2024 | HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_scaleoffset, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. | |||
| CVE-2024-29158 | 0.00 | — | 0.00 | May 9, 2024 | HDF5 through 1.14.3 contains a stack buffer overflow in H5FL_arr_malloc, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. | |||
| CVE-2024-29157 | 0.00 | — | 0.01 | May 9, 2024 | HDF5 through 1.14.3 contains a heap buffer overflow in H5HG_read, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. | |||
| CVE-2020-18494 | 0.00 | — | 0.01 | Aug 22, 2023 | Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file. | |||
| CVE-2020-18232 | 0.00 | — | 0.01 | Aug 22, 2023 | Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file. | |||
| CVE-2021-46244 | 0.00 | — | 0.01 | Jan 21, 2022 | A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the function H5T__complete_copy () at /hdf5/src/H5T.c. This vulnerability causes an aritmetic exception, leading to a Denial of Service (DoS). |
- risk 0.21cvss 3.3epss 0.00
A vulnerability has been found in HDF5 up to 1.14.6 and classified as problematic. This vulnerability affects the function H5MM_realloc of the file src/H5MM.c. The manipulation of the argument mem leads to double free. The attack needs to be approached locally. The exploit has…
- risk 0.21cvss 3.3epss 0.00
A vulnerability, which was classified as problematic, was found in HDF5 up to 1.14.6. This affects the function H5HL__fl_deserialize of the file src/H5HLcache.c. The manipulation of the argument free_block leads to heap-based buffer overflow. It is possible to launch the attack…
- risk 0.21cvss 3.3epss 0.00
A vulnerability classified as problematic was found in HDF5 up to 1.14.6. This vulnerability affects the function H5F__accum_free of the file src/H5Faccum.c. The manipulation of the argument overlap_size leads to heap-based buffer overflow. Attacking locally is a requirement.…
- risk 0.21cvss 3.3epss 0.00
A vulnerability classified as problematic has been found in HDF5 up to 1.14.6. This affects the function H5FS__sinfo_Srialize_Sct_cb of the file src/H5FScache.c. The manipulation of the argument sect leads to heap-based buffer overflow. Local access is required to approach this…
- risk 0.14cvss 3.3epss 0.00
A vulnerability, which was classified as problematic, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5F_addr_encode_len of the file src/H5Fint.c. The manipulation of the argument pp leads to heap-based buffer overflow. Attacking locally is a…
- risk 0.14cvss 3.3epss 0.00
A vulnerability was found in HDF5 up to 1.14.6. It has been rated as critical. Affected by this issue is the function H5FL__blk_gc_list of the file src/H5FL.c. The manipulation of the argument H5FL_blk_head_t leads to use after free. An attack has to be approached locally. The…
- risk 0.14cvss 3.3epss 0.00
A vulnerability was found in HDF5 up to 1.14.6. It has been declared as problematic. Affected by this vulnerability is the function H5O_msg_flush of the file src/H5Omessage.c. The manipulation of the argument oh leads to heap-based buffer overflow. The attack needs to be…
- CVE-2026-26200Feb 19, 2026risk 0.00cvss —epss 0.00
HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an `h5` file parsed by HDF5 can trigger a write-based heap buffer overflow condition. This can lead to a denial-of-service condition, and potentially further issues such as remote code…
- CVE-2024-29166May 9, 2024risk 0.00cvss —epss 0.00
HDF5 through 1.14.3 contains a buffer overflow in H5O__linfo_decode, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
- CVE-2024-29165May 9, 2024risk 0.00cvss —epss 0.00
HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_fletcher32, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
- CVE-2024-29164May 9, 2024risk 0.00cvss —epss 0.01
HDF5 through 1.14.3 contains a stack buffer overflow in H5R__decode_heap, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
- CVE-2024-29163May 9, 2024risk 0.00cvss —epss 0.00
HDF5 through 1.14.3 contains a heap buffer overflow in H5T__bit_find, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
- CVE-2024-29162May 9, 2024risk 0.00cvss —epss 0.00
HDF5 through 1.13.3 and/or 1.14.2 contains a stack buffer overflow in H5HG_read, resulting in denial of service or potential code execution.
- CVE-2024-29161May 9, 2024risk 0.00cvss —epss 0.01
HDF5 through 1.14.3 contains a heap buffer overflow in H5A__attr_release_table, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
- CVE-2024-29159May 9, 2024risk 0.00cvss —epss 0.01
HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_scaleoffset, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
- CVE-2024-29158May 9, 2024risk 0.00cvss —epss 0.00
HDF5 through 1.14.3 contains a stack buffer overflow in H5FL_arr_malloc, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
- CVE-2024-29157May 9, 2024risk 0.00cvss —epss 0.01
HDF5 through 1.14.3 contains a heap buffer overflow in H5HG_read, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
- CVE-2020-18494Aug 22, 2023risk 0.00cvss —epss 0.01
Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file.
- CVE-2020-18232Aug 22, 2023risk 0.00cvss —epss 0.01
Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file.
- CVE-2021-46244Jan 21, 2022risk 0.00cvss —epss 0.01
A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the function H5T__complete_copy () at /hdf5/src/H5T.c. This vulnerability causes an aritmetic exception, leading to a Denial of Service (DoS).
Page 3 of 4