562 matches found
Astra Linux – Vulnerability in hdf5
A memory leak in the H5Ochunkdeserialize function within H5Ocache.c, part of the HDF HDF5 library, from version 1.10.3 allows attackers to cause a denial of service due to excessive memory consumption through a specially crafted HDF5 file...
XSS-Payload-Generator
XSS-Payload-Generator user guide 0. This script is an XSS payl...
CVE-2026-44673
libyang is a YANG data modeling language library. Prior to SO 5.2.15, lybreadstring in src/parserlyb.c contains an integer overflow that results in a heap buffer overflow when parsing a maliciously crafted LYB binary blob. An attacker who can supply LYB data to any libyang consumer NETCONF server...
RLSA-2026:16693 Important: jq security update
jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text. Security Fixes: jq: out-of-bounds read in...
jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers
A flaw was found in jq, a command line JSON processor, specifically in the libjq API. Parsing a malformed JSON input from a non-NUL-terminated buffer using the jvparsesized function can cause an out-of-bounds read, resulting in an application crash and a possible memory disclosure within the erro...
ROS-20260512-73-0011
Vulnerability in hdf5 related to memory usage after memory release. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
UBUNTU-CVE-2026-41256
jq is a command-line JSON processor. In 1.8.1 and earlier, Top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter file such as . followed by \x00 and arbitrary suffix compiles and executes as only the prefix before...
Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017777)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017777 advisory. Memory leak in the H5Odtypedecodehelper function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service memory consumptio...
OESA-2026-2262 hdf5 security update
HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF...
OESA-2026-2261 hdf5 security update
HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF...
CVE-2026-8088
A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the...
GHSA-MGX6-5CF9-RR43 Keras vulnerable to DoS via Malicious .keras Model (HDF5 Shape Bomb Causes Petabyte Allocation in KerasFileEditor)
Summary Keras’s model loader KerasFileEditor unsafely loads user-supplied .keras model files containing HDF5-based weight files without performing any validation on HDF5 dataset metadata. An attacker can craft a .keras archive containing a valid model.weights.h5 file whose dataset declares an...
OESA-2026-2186 hdf5 security update
HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF...
CVE-2026-40685
Exim before 4.99.2 is affected when JSON lookup is enabled. An out-of-bounds heap write can occur if a JSON operator encounters malformed JSON in an untrusted header, caused by an incorrect implementation of the JSON skipping logic. CVSS v3.1 metrics indicate a high-severity, remote-execution-lik...
JLSEC-2026-337
hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5VMmemcpyvv function...
JLSEC-2026-319
HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5Trefmemsetnull in H5Tref.c called from H5Tconvref in H5Tconv.c, resulting in the corruption of the instruction pointer...
JLSEC-2026-320
HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5Dscattermem in H5Dscatgath.c...
JLSEC-2026-293
HDF5 through 1.14.3 contains a heap buffer overflow in H5HGcacheheapdeserialize, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution...
JLSEC-2026-330
A vulnerability was found in HDF5 up to 1.14.6. It has been rated as critical. Affected by this issue is the function H5FLblkgclist of the file src/H5FL.c. The manipulation of the argument H5FLblkheadt leads to use after free. An attack has to be approached locally. The exploit has been disclosed...
JLSEC-2026-304
HDF5 Library through 1.14.3 allows stack consumption in the function H5Eprintfstack in H5Eint.c...