Advisory ROSA-SA-2026-3296

CVE-ID: CVE-2020-10809 BDU-ID: 2024-07119 CVE-Crit: MEDIUM CVE-DESC.: Vulnerability in the Decompress function in the decompress.c file. This vulnerability is related to writing beyond the memory bounds. Exploitation of this vulnerability could allow an attacker to cause a service failure...

Astra Linux - уязвимость в hdf5

There is an out-of-bounds write vulnerability in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially crafted GIF file can lead to code execution. An attacker can provide a malicious file to exploit this vulnerability...

Astra Linux - уязвимость в hdf5

The HDF5 library from version 1.14.3 has a heap-based buffer overflow issue in the H5Dscattermem function within the H5Dscatgath.c file...

Astra Linux - уязвимость в hdf5

The HDF5 library from version 1.14.3 has a heap buffer overflow issue in the H5Omtimenewencode function within H5Omtime.c...

Astra Linux - уязвимость в hdf5

A SIGFPE signal is raised in the function H5Dcreatechunkfilemaphyper of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempt to parse a crafted HDF file. This occurs due to incorrect protection against division by zero. This could allow a remote denial-of-service attack...

Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017783)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017783 advisory. Memory leak in the H5Ochunkdeserialize function in H5Ocache.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service memory consumption...

Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017697)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017697 advisory. A heap-based buffer over-read in H5Oattrdecode in H5Oattr.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5...

Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017779)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017779 advisory. A SIGFPE signal is raised in the function H5Dselectio of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because ...

Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017710)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017710 advisory. An issue was discovered in the HDF HDF5 1.8.20 library. There is a buffer over-read in H5Ochunkdeserialize in H5Ocache.c. Tenable has extracted the preceding...

Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017688)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017688 advisory. A NULL pointer dereference in H5Osdspaceencode in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF...

Keras vulnerable to DoS via Malicious .keras Model (HDF5 Shape Bomb Causes Petabyte Allocation in KerasFileEditor)

Summary Keras’s model loader KerasFileEditor unsafely loads user-supplied .keras model files containing HDF5-based weight files without performing any validation on HDF5 dataset metadata. An attacker can craft a .keras archive containing a valid model.weights.h5 file whose dataset declares an...

Astra Linux - уязвимость в hdf5

There is a heap-based buffer overflow vulnerability in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially crafted GIF file can lead to code execution. An attacker can provide a malicious file to exploit this vulnerability...

Astra Linux - уязвимость в hdf5

HDF5 library through 1.14.3 has memory corruption in H5Aclose resulting in the corruption of the instruction pointer and causing denial of service or potential code execution...

Astra Linux - уязвимость в hdf5

The HDF5 library versions up to 1.14.3 has a segmentation fault in the H5Tclosereal function within H5T.c, resulting in a corrupted instruction pointer...

OESA-2026-2185 hdf5 security update

HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF...

JLSEC-2026-326

A vulnerability, which was classified as critical, was found in HDF5 1.14.6. This affects the function H5Zscaleoffsetdecompressonebyte of the component Scale-Offset Filter. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed...

JLSEC-2026-318

HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5VMarrayfill in H5VM.c called from H5Sselectelements in H5Spoint.c...

JLSEC-2026-294

HDF5 through 1.14.3 contains a heap buffer overflow in H5Aattrreleasetable, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution...

JLSEC-2026-338

hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5Zfilterscaleoffset function...

JLSEC-2026-310

HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5Znbitdecompressonebyte in H5Znbit.c, caused by the earlier use of an initialized pointer...