44 matches found
model.weights.h5: h5py.ExternalLink at Group level silently followed during load_model(), bypassing CVE-2025-9905 fix — information disclosure from arbitrary HDF5 files
Keras 3.x introduced a fix for CVE-2025-9905 by checking dataset.external in H5IOStore.verifydataset. This check blocks datasets whose raw bytes are stored in external files via the HDF5 "External Data Storage" mechanism. However, HDF5 supports a second, unrelated external-reference mechanism:...
hdf5: HDF5 heap-based overflow
A heap-based buffer overflow was found in HDF5. This flaw exists in the H5F_addr_decode_len function of the /hdf5/src/H5Fint.c file and may be triggered by input manipulation to the function. Local access is required to exploit this flaw...
EUVD-2018-9188
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2018-17437
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Memory leak in the H5O_dtype_decode_helper function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory...
CVE-2025-2153
CVE-2025-2153 impacts HDF5 1.14.6, specifically the H5SM_delete function in H5SM.c of the h5 File Handler. The vulnerability is a heap-based buffer overflow that can be triggered remotely; exploitation is described as difficult and is publicly disclosed. Connected sources confirm this as a critic...
Buffer overflow
A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2."...
CVE-2019-8396
A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2."...
The vulnerability of the ReadGifImageDesc() function (gifread.c) in the HDF5 library, which allows a hacker to cause a service failure
The vulnerability of the ReadGifImageDesc function in the HDF5 library arises from the occurrence of operations outside the buffer’s boundaries in memory. Exploiting this vulnerability could allow a malicious actor to cause service interruptions by using a specially crafted HDF5 file...
CVE-2018-17432
A NULL pointer dereference in H5O_sdspace_encode in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file...
CVE-2018-17435
A heap-based buffer over-read in H5O_attr_decode in H5Oattr.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting an HDF file to GIF file...
CVE-2018-17436
ReadCode in decompress.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (invalid write access) via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file...
UBUNTU-CVE-2018-17437
Memory leak in the H5O_dtype_decode_helper function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file...
CVE-2018-17433
A heap-based buffer overflow in ReadGifImageDesc in gifread.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file...
CVE-2018-17432
A NULL pointer dereference in H5O_sdspace_encode in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file...
CVE-2018-17435
A heap-based buffer over-read in H5O_attr_decode in H5Oattr.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting an HDF file to GIF file...
CVE-2018-17433
CVE-2018-17433 is a heap-based buffer overflow in ReadGifImageDesc() (gifread.c) of the HDF5 library up to 1.10.3, enabling a denial of service via a crafted HDF5 file when converting a GIF to HDF. The connected OSV/Nessus entries corroborate the vulnerability and show that advisories (e.g., SUSE...
CVE-2018-17433
A heap-based buffer overflow in ReadGifImageDesc in gifread.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file...
CVE-2018-17433
A heap-based buffer overflow in ReadGifImageDesc in gifread.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file...
CVE-2018-17432
A NULL pointer dereference in H5O_sdspace_encode in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file...
CVE-2017-17505
In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file...