138 matches found
Astra Linux - уязвимость в hdf5
There is an out-of-bounds read vulnerability in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially crafted GIF file can lead to code execution. An attacker can provide a malicious file to exploit this vulnerability...
Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017707)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017707 advisory. An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5Olinkdecode in H5Olink.c. Tenable has extracted the...
Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017782)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017782 advisory. A SIGFPE signal is raised in the function applyfilters of h5repackfilters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file,...
Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017703)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017703 advisory. In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Oplineplinedecode in H5Opline.c in libhdf5.a. For example, h5dump would crash when...
Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017778)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017778 advisory. A SIGFPE signal is raised in the function H5Dcreatechunkfilemaphyper of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF...
Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017780)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017780 advisory. A SIGFPE signal is raised in the function H5Dchunksetinforeal of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because o...
Astra Linux - уязвимость в hdf5
A vulnerability classified as problematic was discovered in HDF5 1.14.6. This vulnerability affects the function H5Ofsinfoencode in the file /src/H5Ofsinfo.c. The vulnerability leads to a heap-based buffer overflow. An attack can be launched on the local host. The exploit has been disclosed to th...
Astra Linux - уязвимость в hdf5
A SIGFPE signal is raised in the function H5Dselectio of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack...
JLSEC-2026-352
HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on...
CVE-2026-2492
TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TensorFlow. An attacker must first obtain the ability to execute low-privileged code on the target syste...
CVE-2026-2492
TensorFlow HDF5 Library CVE-2026-2492 is a Local Privilege Escalation affecting the TensorFlow package’s HDF5 library, caused by insecure plugin search path handling. Affected versions are
HDF5 安全漏洞
HDF5 is a library developed by the HDF open-source project. Versions of HDF5 prior to 1.14.4-2 contained security vulnerabilities. These vulnerabilities stemmed from potential write-based heap buffer overflows when processing specially crafted h5 files, which could lead to denial-of-service attac...
CVE-2026-1669
Arbitrary file read in the model loading mechanism HDF5 integration in Keras versions 3.0.0 through 3.13.1 on all supported platforms allows a remote attacker to read local files and disclose sensitive information via a crafted .keras model file utilizing HDF5 external dataset references...
Azure Linux 3.0 Security Update: hdf5 (CVE-2024-33873)
The version of hdf5 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-33873 advisory. - HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5Dscattermem in H5Dscatgath.c. CVE-2024-33873...
OESA-2026-1132 hdf5 security update
HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF...
Denial of Service in Keras via Excessive Memory Allocation in HDF5 Metadata
...
Allocation of Resources Without Limits or Throttling
Overview keras is a Keras is a high-level neural networks API for Python.. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in HDF5 dataset metadata validation. An attacker can cause excessive memory consumption and crash the Python...
CVE-2026-0897
Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service DoS through memory exhaustion and a crash of the Python interpreter via a crafted .keras archive...
OESA-2026-1006 hdf5 security update
HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF...
PT-2026-20919
Name of the Vulnerable Software and Affected Versions HDF5 versions prior to 1.14.4-2 Description HDF5 is software used for managing data. An attacker controlling an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow. This can lead to a denial-of-service condition, and...