HDF Group 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は バッファオーバーフロー、vendor risk memory corruption, and vendor risk input validation に関連することが多く、vendor surface software deployment and vendor surface production workloads の文脈で アプリケーションクラッシュ and vendor impact memory corruption などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2026-29043 | HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition in the H5T__ref_mem_setnull method. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on the practical exploitability of the heap overflow against modern operating systems. | [email protected] | 5.5 | 0.04% | 2026-04-10 | 2026-04-16 |
| CVE-2026-34734 | HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utility. An attacker who can supply a malicious h5 file can trigger a heap use-after-free. The freed object is referenced in a memmove call from H5T__conv_struct. The original object was allocated by H5D__typeinfo_init_phase3 and freed by H5D__typeinfo_term. | [email protected] | 7.8 | 0.01% | 2026-04-09 | 2026-04-14 |
| CVE-2026-26200 | HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an `h5` file parsed by HDF5 can trigger a write-based heap buffer overflow condition. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on the practical exploitability of the heap overflow against modern operating systems. Real-world exploitability of this issue in terms of remote-code execution is currently unknown. Version 1.14.4-2 fixe | [email protected] | 7.8 | 0.05% | 2026-02-19 | 2026-02-20 |
| CVE-2025-7069 | A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FS__sect_link_size of the file src/H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | [email protected] | 1.9 | 0.13% | 2025-07-04 | 2026-04-29 |
| CVE-2025-7068 | A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5FL__malloc of the file src/H5FL.c. The manipulation leads to memory leak. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | [email protected] | 1.9 | 0.13% | 2025-07-04 | 2026-04-29 |
| CVE-2025-7067 | A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5FS__sinfo_serialize_node_cb of the file src/H5FScache.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | [email protected] | 1.9 | 0.13% | 2025-07-04 | 2026-04-29 |
| CVE-2025-6858 | A vulnerability was found in HDF5 1.14.6 and classified as problematic. Affected by this issue is the function H5C__flush_single_entry of the file src/H5Centry.c. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | [email protected] | 1.9 | 0.13% | 2025-06-29 | 2026-04-29 |
| CVE-2025-6857 | A vulnerability has been found in HDF5 1.14.6 and classified as problematic. Affected by this vulnerability is the function H5G__node_cmp3 of the file src/H5Gnode.c. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | [email protected] | 1.9 | 0.13% | 2025-06-29 | 2026-04-29 |
| CVE-2025-6856 | A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FL__reg_gc_list of the file src/H5FL.c. The manipulation leads to use after free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | [email protected] | 1.9 | 0.13% | 2025-06-29 | 2026-04-29 |
| CVE-2025-6818 | A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5O__chunk_protect of the file /src/H5Ochunk.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. | [email protected] | 1.9 | 0.13% | 2025-06-28 | 2026-04-29 |
| CVE-2025-6817 | A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5C__load_entry of the file /src/H5Centry.c. The manipulation leads to resource consumption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | [email protected] | 1.9 | 0.05% | 2025-06-28 | 2026-04-29 |
| CVE-2025-6816 | A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5O__fsinfo_encode of the file /src/H5Ofsinfo.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | [email protected] | 1.9 | 0.05% | 2025-06-28 | 2026-04-29 |
| CVE-2025-6750 | A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. Affected by this issue is the function H5O__mtime_new_encode of the file src/H5Omtime.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | [email protected] | 1.9 | 0.05% | 2025-06-27 | 2026-04-29 |
| CVE-2025-6516 | A vulnerability has been found in HDF5 up to 1.14.6 and classified as critical. This vulnerability affects the function H5F_addr_decode_len of the file /hdf5/src/H5Fint.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. | [email protected] | 1.9 | 0.05% | 2025-06-23 | 2026-04-29 |
| CVE-2025-6270 | A vulnerability, which was classified as critical, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5FS__sect_find_node of the file H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | [email protected] | 1.9 | 0.05% | 2025-06-19 | 2026-04-29 |
| CVE-2025-6269 | A vulnerability classified as critical was found in HDF5 up to 1.14.6. Affected by this vulnerability is the function H5C__reconstruct_cache_entry of the file H5Cimage.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | [email protected] | 1.9 | 0.05% | 2025-06-19 | 2026-04-29 |
| CVE-2025-44905 | hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5Z__filter_scaleoffset function. | [email protected] | 8.8 | 0.31% | 2025-05-30 | 2025-06-03 |
| CVE-2025-44904 | hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5VM_memcpyvv function. | [email protected] | 8.8 | 0.31% | 2025-05-30 | 2025-06-03 |
| CVE-2025-2926 | A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5O__cache_chk_serialize of the file src/H5Ocache.c. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. | [email protected] | 1.9 | 0.08% | 2025-03-28 | 2026-04-29 |
| CVE-2025-2925 | A vulnerability has been found in HDF5 up to 1.14.6 and classified as problematic. This vulnerability affects the function H5MM_realloc of the file src/H5MM.c. The manipulation of the argument mem leads to double free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | [email protected] | 1.9 | 0.08% | 2025-03-28 | 2026-04-29 |