Lucene search
K

421 matches found

OSV
OSV
added 2026/07/01 4:53 p.m.5 views

CVE-2026-12480 Arbitrary HDF5 File Read via Virtual Dataset Bypass in keras-team/keras

Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerability resides in the H5IOStore.verifydataset and fileeditor.py methods, which fail to check the dataset.isvirtual property of HDF5 datasets. This allows ...

5.5CVSS6.2AI score0.00127EPSS
Exploits0References4
CVE
CVE
added 2026/07/01 4:53 p.m.22 views

CVE-2026-12480

CVE-2026-12480 affects Keras up to 3.13.2. The root cause is an incomplete fix for CVE-2026-1669 in H5IOStore._verify_dataset() and file_editor.py, where the code fails to check the dataset.is_virtual property of HDF5 datasets. This allows an attacker to craft a malicious .keras model archive or ...

5.5CVSS6.2AI score0.00127EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-54620

Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerability resides in the H5IOStore. verify dataset and file editor.py methods, which fail to check the dataset.is virtual property of HDF5 datasets. This...

5.5CVSS6.2AI score0.00127EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.12 views

CVE-2026-8086

A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly...

7.8CVSS6AI score0.00237EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in hdf5

A SIGFPE signal is raised in the function applyilters of h5repackfilters.c in the HDF HDF5 through 1.10.3 library during an attempt to parse a crafted HDF file, due to incorrect protection against division by zero. This could allow a remote denial-of-service attack...

6.5CVSS7.2AI score0.01972EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in libmysofa

A buffer overflow in the readDataVar function in hdf/dataobject.c within Symonics’ libmysofa 0.5 – 1.1 allows attackers to execute arbitrary code through a crafted SOFA...

8.8CVSS7.6AI score0.02255EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in libmysofa

LibMySOFA 0.9.1 has a stack-based buffer overflow issue in the readDataVar function in hdf/dataobject.c, during the reading of a header message attribute...

8.8CVSS7.2AI score0.01668EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in hdf5

A SIGFPE signal is raised in the function H5Dselectio of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempt to parse a crafted HDF file. This occurs due to incorrect protection measures against division by zero. This could allow a remote denial-of-service attack to occur...

6.5CVSS6.9AI score0.0174EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in hdf5

A vulnerability classified as problematic was discovered in HDF5 1.14.6. This vulnerability affects the function H5Ofsinfoencode in the file /src/H5Ofsinfo.c. The vulnerability leads to a heap-based buffer overflow. An attack can be launched on the local host. The exploit has been disclosed to th...

4.8CVSS4.7AI score0.00208EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in hdf5

There is an out-of-bounds read vulnerability in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially crafted GIF file can lead to code execution. An attacker can provide a malicious file to exploit this vulnerability...

7.8CVSS7.5AI score0.00577EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/05/11 8:27 p.m.10 views

CVE-2026-8212

A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been published and may be...

5.5CVSS6AI score0.00205EPSS
Exploits1References1
OSV
OSV
added 2026/05/11 5:39 a.m.12 views

BIT-GDAL-2026-8086 OSGeo gdal SWapi.c SWnentries heap-based overflow

A vulnerability was identified in OSGeo gdal up to 3.13.0. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly...

7.8CVSS6.1AI score0.00237EPSS
Exploits1References10
OSV
OSV
added 2026/05/11 5:39 a.m.14 views

BIT-GDAL-2026-8084 OSGeo gdal HDF-EOS Grid File SWapi.c memmove out-of-bounds

A vulnerability was determined in OSGeo gdal up to 3.13.0. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes out-of-bounds read. The attack is restricted to local execution. The exploit has...

5.5CVSS5.3AI score0.00264EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.6 views

Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017692)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017692 advisory. An issue was discovered in the HDF HDF5 1.8.20 library. There is a memcpy parameter overlap in the function H5Olinkdecode in H5Olink.c. Tenable has extracted the...

9.8CVSS6.8AI score0.01997EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.8 views

Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017780)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017780 advisory. A SIGFPE signal is raised in the function H5Dchunksetinforeal of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because o...

6.5CVSS6.6AI score0.02177EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.8 views

Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017778)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017778 advisory. A SIGFPE signal is raised in the function H5Dcreatechunkfilemaphyper of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF...

6.5CVSS6.8AI score0.01972EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.17 views

Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017779)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017779 advisory. A SIGFPE signal is raised in the function H5Dselectio of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because ...

6.5CVSS7AI score0.0174EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.19 views

Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017703)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017703 advisory. In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Oplineplinedecode in H5Opline.c in libhdf5.a. For example, h5dump would crash when...

6.5CVSS6.8AI score0.01271EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.7 views

Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017707)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017707 advisory. An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5Olinkdecode in H5Olink.c. Tenable has extracted the...

9.8CVSS5.9AI score0.01997EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.6 views

Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017782)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017782 advisory. A SIGFPE signal is raised in the function applyfilters of h5repackfilters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file,...

6.5CVSS6.8AI score0.01972EPSS
Exploits1References4
Rows per page
Query Builder