DICOM, Pydicom, GDCM, and Orthanc: A technical tour of what really happens in the heap

Over the last decade, DICOM parsing has become an active research topic. The reason is simple: DICOM is both critical and complicated. Hospitals rely on DICOM-based PACS systems, and those systems often automatically ingest files received over the network. That means malformed data could directly...

Astra Linux - уязвимость в hdf5

The HDF5 library from version 1.14.3 has a heap-based buffer overflow issue in the H5Olayoutencode function within H5Olayout.c, which leads to the corruption of the instruction pointer...

Astra Linux - уязвимость в hdf5

A violation of bounds was detected in H5Ofillnewdecode and H5Ofillolddecode within H5Ofill.c in the HDF HDF5 1.10.2 library. This could allow a remote denial of service or information disclosure attack...

Astra Linux - уязвимость в hdf5

The HDF5 library from version 1.14.3 has a segmentation fault in the H5VM.c function H5VMmemcpyvv...

Astra Linux - уязвимость в hdf5

A issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5Fgetnrefs located in H5Fquery.c. This allows an attacker to cause a Denial of Service attack...

Astra Linux - уязвимость в hdf5

A memory leak in the H5Ochunkdeserialize function within H5Ocache.c, part of the HDF HDF5 library, from version 1.10.3 allows attackers to cause a denial of service due to excessive memory consumption through an exploitable HDF5 file...

XSS-Payload-Generator

XSS-Payload-Generator user guide 0. This script is an XSS payl...

CVE-2026-44673

libyang is a YANG data modeling language library. Prior to SO 5.2.15, lybreadstring in src/parserlyb.c contains an integer overflow that results in a heap buffer overflow when parsing a maliciously crafted LYB binary blob. An attacker who can supply LYB data to any libyang consumer NETCONF server...

RLSA-2026:16693 Important: jq security update

jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text. Security Fixes: jq: out-of-bounds read in...

jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers

A flaw was found in jq, a command line JSON processor, specifically in the libjq API. Parsing a malformed JSON input from a non-NUL-terminated buffer using the jvparsesized function can cause an out-of-bounds read, resulting in an application crash and a possible memory disclosure within the erro...

ROS-20260512-73-0011

Vulnerability in hdf5 related to memory usage after memory release. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

UBUNTU-CVE-2026-41256

jq is a command-line JSON processor. In 1.8.1 and earlier, Top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter file such as . followed by \x00 and arbitrary suffix compiles and executes as only the prefix before...

Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017777)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017777 advisory. Memory leak in the H5Odtypedecodehelper function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service memory consumptio...

OESA-2026-2262 hdf5 security update

HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF...

OESA-2026-2261 hdf5 security update

HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF...

CVE-2026-8088

A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the...

GHSA-MGX6-5CF9-RR43 Keras vulnerable to DoS via Malicious .keras Model (HDF5 Shape Bomb Causes Petabyte Allocation in KerasFileEditor)

Summary Keras’s model loader KerasFileEditor unsafely loads user-supplied .keras model files containing HDF5-based weight files without performing any validation on HDF5 dataset metadata. An attacker can craft a .keras archive containing a valid model.weights.h5 file whose dataset declares an...

Astra Linux - уязвимость в hdf5

Memory leak in the H5Odtypedecodehelper function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service memory consumption via a crafted HDF5 file...

Astra Linux - уязвимость в hdf5

HDF5 through 1.14.3 contains a buffer overflow in H5Olinfodecode, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution...

Astra Linux - уязвимость в hdf5

A SIGFPE signal is raised in the function H5Dchunksetinforeal of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. This issue is different from CVE-2018-11207...