9 matches found
Heap-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the H5Trefmemsetnull function. An attacker can cause a heap buffer overflow by supplying a specially crafted HDF5 .h5 file, which may result in denial of service or potentially allow execution of arbitrary...
EUVD-2018-9189
Malware in sbrugna...
EUVD-2017-8668
Malware in sbrugna...
EUVD-2017-8666
Malware in sbrugna...
EUVD-2025-30279
Malicious code in bioql PyPI...
The Keras `Model.load_model` method **silently** ignores `safe_mode=True` and allows arbitrary code execution when a `.h5`/`.hdf5` file is loaded.
Note: This report has already been discussed with the Google OSS VRP team, who recommended that I reach out directly to the Keras team. I’ve chosen to do so privately rather than opening a public issue, due to the potential security implications. I also attempted to use the email address listed i...
SUSE SLES15 Security Update : hdf5 (SUSE-SU-2022:1912-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1912-1 advisory. Security issues fixed: - CVE-2020-10811: Fixed heap-based buffer over-read in the function H5Olayoutdecode located in H5Olayout.c bsc1167405. -...
The vulnerability of the h5dump program for processing hdf5 files arises from buffer overflows during the processing of command-line parameters, allowing attackers to cause service failures.
The vulnerability of the h5dump program for viewing hdf5 files arises from buffer overflows during the processing of command-line parameters. Exploiting this vulnerability can allow an attacker to cause a service failure by entering a specially crafted sequence of data in the command line...
DEBIAN-CVE-2017-17506
In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Oplineplinedecode in H5Opline.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file...