Lucene search
K

147 matches found

CVE
CVE
added 2026/07/01 4:53 p.m.20 views

CVE-2026-12480

CVE-2026-12480 affects Keras up to 3.13.2. The root cause is an incomplete fix for CVE-2026-1669 in H5IOStore._verify_dataset() and file_editor.py, where the code fails to check the dataset.is_virtual property of HDF5 datasets. This allows an attacker to craft a malicious .keras model archive or ...

5.5CVSS6.2AI score0.00127EPSS
Exploits0References2
OSV
OSV
added 2026/07/01 4:53 p.m.5 views

CVE-2026-12480 Arbitrary HDF5 File Read via Virtual Dataset Bypass in keras-team/keras

Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerability resides in the H5IOStore.verifydataset and fileeditor.py methods, which fail to check the dataset.isvirtual property of HDF5 datasets. This allows ...

5.5CVSS6.2AI score0.00127EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-54620

Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerability resides in the H5IOStore. verify dataset and file editor.py methods, which fail to check the dataset.is virtual property of HDF5 datasets. This...

5.5CVSS6.2AI score0.00127EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in hdf5

A SIGFPE signal is raised in the function H5Dselectio of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempt to parse a crafted HDF file. This occurs due to incorrect protection measures against division by zero. This could allow a remote denial-of-service attack to occur...

6.5CVSS6.9AI score0.0174EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in hdf5

A vulnerability classified as problematic was discovered in HDF5 1.14.6. This vulnerability affects the function H5Ofsinfoencode in the file /src/H5Ofsinfo.c. The vulnerability leads to a heap-based buffer overflow. An attack can be launched on the local host. The exploit has been disclosed to th...

4.8CVSS4.7AI score0.00208EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in hdf5

There is an out-of-bounds read vulnerability in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially crafted GIF file can lead to code execution. An attacker can provide a malicious file to exploit this vulnerability...

7.8CVSS7.5AI score0.00577EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.6 views

Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017782)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017782 advisory. A SIGFPE signal is raised in the function applyfilters of h5repackfilters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file,...

6.5CVSS6.8AI score0.01972EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.8 views

Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017780)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017780 advisory. A SIGFPE signal is raised in the function H5Dchunksetinforeal of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because o...

6.5CVSS6.6AI score0.02177EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.8 views

Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017778)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017778 advisory. A SIGFPE signal is raised in the function H5Dcreatechunkfilemaphyper of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF...

6.5CVSS6.8AI score0.01972EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.7 views

Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017707)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017707 advisory. An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5Olinkdecode in H5Olink.c. Tenable has extracted the...

9.8CVSS5.9AI score0.01997EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.19 views

Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017703)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017703 advisory. In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Oplineplinedecode in H5Opline.c in libhdf5.a. For example, h5dump would crash when...

6.5CVSS6.8AI score0.01271EPSS
Exploits1References4
OSV
OSV
added 2026/04/29 1:21 p.m.9 views

JLSEC-2026-352

HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on...

7.8CVSS6.7AI score0.00356EPSS
Exploits1References1
OSV
OSV
added 2026/04/09 7:1 p.m.3 views

CVE-2026-34734 HDF5: H5T__conv_struct Use After Free

HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utility. An attacker who can supply a malicious h5 file can trigger a heap use-after-free. The freed object is referenced in a memmove call from H5Tconvstruct. The original object was...

7.8CVSS7AI score0.00193EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2026/02/20 11:16 p.m.7 views

CVE-2026-2492

TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TensorFlow. An attacker must first obtain the ability to execute low-privileged code on the target syste...

7CVSS7.4AI score0.00252EPSS
Exploits0References3
CVE
CVE
added 2026/02/20 10:22 p.m.15 views

CVE-2026-2492

TensorFlow HDF5 Library CVE-2026-2492 is a Local Privilege Escalation affecting the TensorFlow package’s HDF5 library, caused by insecure plugin search path handling. Affected versions are

7.8CVSS7.5AI score0.00252EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.7 views

HDF5 安全漏洞

HDF5 is a library developed by the HDF open-source project. Versions of HDF5 prior to 1.14.4-2 contained security vulnerabilities. These vulnerabilities stemmed from potential write-based heap buffer overflows when processing specially crafted h5 files, which could lead to denial-of-service attac...

7.8CVSS6.2AI score0.00356EPSS
Exploits1References1
NVD
NVD
added 2026/02/11 11:16 p.m.6 views

CVE-2026-1669

Arbitrary file read in the model loading mechanism HDF5 integration in Keras versions 3.0.0 through 3.13.1 on all supported platforms allows a remote attacker to read local files and disclose sensitive information via a crafted .keras model file utilizing HDF5 external dataset references...

7.5CVSS0.00298EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.8 views

Azure Linux 3.0 Security Update: hdf5 (CVE-2024-33873)

The version of hdf5 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-33873 advisory. - HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5Dscattermem in H5Dscatgath.c. CVE-2024-33873...

8.8CVSS6AI score0.0092EPSS
Exploits0References2
OSV
OSV
added 2026/01/16 12:0 p.m.5 views

OESA-2026-1132 hdf5 security update

HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF...

8.8CVSS6.1AI score0.00462EPSS
Exploits20References21
Microsoft CVE
Microsoft CVE
added 2026/01/16 9:3 a.m.9 views

Denial of Service in Keras via Excessive Memory Allocation in HDF5 Metadata

...

7.6CVSS5.4AI score0.00299EPSS
Exploits3
Rows per page
Query Builder