
CVE-2025-2926 – HDF5 H5Ocache.c H5O__cache_chk_serialize null pointer dereference
https://notcve.org/view.php?id=CVE-2025-2926
28 Mar 2025 — A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5O__cache_chk_serialize of the file src/H5Ocache.c. The manipulation leads to a null pointer dereference. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. • https://github.com/HDFGroup/hdf5/issues/5384 • CWE-404: Improper Resource Shutdown or Release; CWE-476: NULL Pointer Dereference

CVE-2025-2925 – HDF5 H5MM.c H5MM_realloc double free
https://notcve.org/view.php?id=CVE-2025-2925
28 Mar 2025 — A vulnerability has been found in HDF5 up to 1.14.6 and classified as problematic. This vulnerability affects the function H5MM_realloc of the file src/H5MM.c. The manipulation of the argument mem leads to a double free. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. • https://github.com/HDFGroup/hdf5/issues/5383 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer; CWE-415: Double Free

CVE-2025-2924 – HDF5 H5HLcache.c H5HL__fl_deserialize heap-based overflow
https://notcve.org/view.php?id=CVE-2025-2924
28 Mar 2025 — A vulnerability, which was classified as problematic, was found in HDF5 up to 1.14.6. This affects the function H5HL__fl_deserialize of the file src/H5HLcache.c. The manipulation of the argument free_block leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. • https://github.com/HDFGroup/hdf5/issues/5382 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer; CWE-122: Heap-based Buffer Overflow

CVE-2025-2915 – HDF5 H5Faccum.c H5F__accum_free heap-based overflow
https://notcve.org/view.php?id=CVE-2025-2915
28 Mar 2025 — A vulnerability classified as problematic was found in HDF5 up to 1.14.6. This vulnerability affects the function H5F__accum_free of the file src/H5Faccum.c. The manipulation of the argument overlap_size leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. • https://github.com/HDFGroup/hdf5/issues/5380 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer; CWE-122: Heap-based Buffer Overflow

CVE-2024-32608 – hdf5: multiple CVEs
https://notcve.org/view.php?id=CVE-2024-32608
09 Oct 2024 — HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. • https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4 • CWE-787: Out-of-bounds Write

CVE-2020-18494
https://notcve.org/view.php?id=CVE-2020-18494
22 Aug 2023 — Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of a crafted file. • https://github.com/magicSwordsMan/PAAFS/tree/master/vul12 • CWE-787: Out-of-bounds Write

CVE-2020-18232
https://notcve.org/view.php?id=CVE-2020-18232
22 Aug 2023 — Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of a crafted file. • https://github.com/winson2004aa/PAAFS/tree/master/vul2 • CWE-787: Out-of-bounds Write

CVE-2021-37501 – hdf5: heap buffer overread
https://notcve.org/view.php?id=CVE-2021-37501
03 Feb 2023 — Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to cause a denial of service via h5tools_str_sprint in /hdf5/tools/lib/h5tools_str.c. Update hdf5 and libaec to latest upstream version with several CVE fixes. • https://github.com/HDFGroup/hdf5 • CWE-787: Out-of-bounds Write

CVE-2022-26061
https://notcve.org/view.php?id=CVE-2022-26061
22 Aug 2022 — A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1487 • CWE-122: Heap-based Buffer Overflow; CWE-787: Out-of-bounds Write

CVE-2022-25972
https://notcve.org/view.php?id=CVE-2022-25972
22 Aug 2022 — An out-of-bounds write vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1485 • CWE-787: Out-of-bounds Write