Advisory ROSA-SA-2026-3296

CVE-ID: CVE-2020-10809 BDU-ID: 2024-07119 CVE-Crit: MEDIUM CVE-DESC.: Vulnerability in the Decompress function in the decompress.c file. This vulnerability is related to writing beyond the memory bounds. Exploitation of this vulnerability could allow an attacker to cause a service failure...

Astra Linux – Vulnerability in hdf5

There is a heap-based buffer overflow vulnerability in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially crafted GIF file can lead to code execution. An attacker can provide a malicious file to exploit this vulnerability...

Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017697)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017697 advisory. A heap-based buffer over-read in H5Oattrdecode in H5Oattr.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5...

Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017710)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017710 advisory. An issue was discovered in the HDF HDF5 1.8.20 library. There is a buffer over-read in H5Ochunkdeserialize in H5Ocache.c. Tenable has extracted the preceding...

Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017783)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017783 advisory. Memory leak in the H5Ochunkdeserialize function in H5Ocache.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service memory consumption...

Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017688)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017688 advisory. A NULL pointer dereference in H5Osdspaceencode in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF...

Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017779)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017779 advisory. A SIGFPE signal is raised in the function H5Dselectio of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because ...

Keras vulnerable to DoS via Malicious .keras Model (HDF5 Shape Bomb Causes Petabyte Allocation in KerasFileEditor)

Summary Keras’s model loader KerasFileEditor unsafely loads user-supplied .keras model files containing HDF5-based weight files without performing any validation on HDF5 dataset metadata. An attacker can craft a .keras archive containing a valid model.weights.h5 file whose dataset declares an...

Astra Linux – Vulnerability in hdf5

There is an out-of-bounds write vulnerability in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially crafted GIF file can lead to code execution. An attacker can provide a malicious file to exploit this vulnerability...

Astra Linux – Vulnerability in hdf5

A SIGFPE signal is raised in the function H5Dcreatechunkfilemaphyper of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempt to parse a crafted HDF file. This occurs due to incorrect protection against division by zero. This could allow a remote denial-of-service attack...

OESA-2026-2185 hdf5 security update

HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF...

JLSEC-2026-294

HDF5 through 1.14.3 contains a heap buffer overflow in H5Aattrreleasetable, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution...

JLSEC-2026-334

A vulnerability, which was classified as problematic, was found in HDF5 up to 1.14.6. This affects the function H5HLfldeserialize of the file src/H5HLcache.c. The manipulation of the argument freeblock leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The...

JLSEC-2026-308

HDF5 Library through 1.14.3 contains a heap-based buffer over-read in the function H5HLfldeserialize in H5HLcache.c, a different vulnerability than CVE-2024-32612...

JLSEC-2026-318

HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5VMarrayfill in H5VM.c called from H5Sselectelements in H5Spoint.c...

JLSEC-2026-338

hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5Zfilterscaleoffset function...

JLSEC-2026-347

A vulnerability has been found in HDF5 1.14.6 and classified as problematic. Affected by this vulnerability is the function H5Gnodecmp3 of the file src/H5Gnode.c. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been...

JLSEC-2026-305

HDF5 Library through 1.14.3 has a SEGV in H5Tclosereal in H5T.c, resulting in a corrupted instruction pointer...

JLSEC-2026-348

A vulnerability was found in HDF5 1.14.6 and classified as problematic. Affected by this issue is the function H5Cflushsingleentry of the file src/H5Centry.c. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the publi...

JLSEC-2026-296

HDF5 through 1.14.3 contains a heap buffer overflow in H5Tbitfind, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution...