Aggregates CVE and security vulnerability intelligence across all HDF Group-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk buffer overflow, vendor risk memory corruption, and vendor risk input validation; exposure may include vendor impact application crash in vendor surface software deployment contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-29043 | HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition in the H5T__ref_mem_setnull method. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on the practical exploitability of the heap overflow against modern operating systems. | [email protected] | 5.5 | 0.04% | 2026-04-10 | 2026-04-16 |
| CVE-2026-34734 | HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utility. An attacker who can supply a malicious h5 file can trigger a heap use-after-free. The freed object is referenced in a memmove call from H5T__conv_struct. The original object was allocated by H5D__typeinfo_init_phase3 and freed by H5D__typeinfo_term. | [email protected] | 7.8 | 0.01% | 2026-04-09 | 2026-04-14 |
| CVE-2026-26200 | HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an `h5` file parsed by HDF5 can trigger a write-based heap buffer overflow condition. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on the practical exploitability of the heap overflow against modern operating systems. Real-world exploitability of this issue in terms of remote-code execution is currently unknown. Version 1.14.4-2 fixe | [email protected] | 7.8 | 0.05% | 2026-02-19 | 2026-02-20 |
| CVE-2025-7069 | A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FS__sect_link_size of the file src/H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | [email protected] | 1.9 | 0.13% | 2025-07-04 | 2026-04-29 |
| CVE-2025-7068 | A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5FL__malloc of the file src/H5FL.c. The manipulation leads to memory leak. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | [email protected] | 1.9 | 0.13% | 2025-07-04 | 2026-04-29 |
| CVE-2025-7067 | A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5FS__sinfo_serialize_node_cb of the file src/H5FScache.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | [email protected] | 1.9 | 0.13% | 2025-07-04 | 2026-04-29 |
| CVE-2025-6858 | A vulnerability was found in HDF5 1.14.6 and classified as problematic. Affected by this issue is the function H5C__flush_single_entry of the file src/H5Centry.c. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | [email protected] | 1.9 | 0.13% | 2025-06-29 | 2026-04-29 |
| CVE-2025-6857 | A vulnerability has been found in HDF5 1.14.6 and classified as problematic. Affected by this vulnerability is the function H5G__node_cmp3 of the file src/H5Gnode.c. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | [email protected] | 1.9 | 0.13% | 2025-06-29 | 2026-04-29 |
| CVE-2025-6856 | A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FL__reg_gc_list of the file src/H5FL.c. The manipulation leads to use after free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | [email protected] | 1.9 | 0.13% | 2025-06-29 | 2026-04-29 |
| CVE-2025-6818 | A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5O__chunk_protect of the file /src/H5Ochunk.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. | [email protected] | 1.9 | 0.13% | 2025-06-28 | 2026-04-29 |
| CVE-2025-6817 | A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5C__load_entry of the file /src/H5Centry.c. The manipulation leads to resource consumption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | [email protected] | 1.9 | 0.05% | 2025-06-28 | 2026-04-29 |
| CVE-2025-6816 | A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5O__fsinfo_encode of the file /src/H5Ofsinfo.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | [email protected] | 1.9 | 0.05% | 2025-06-28 | 2026-04-29 |
| CVE-2025-6750 | A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. Affected by this issue is the function H5O__mtime_new_encode of the file src/H5Omtime.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | [email protected] | 1.9 | 0.05% | 2025-06-27 | 2026-04-29 |
| CVE-2025-6516 | A vulnerability has been found in HDF5 up to 1.14.6 and classified as critical. This vulnerability affects the function H5F_addr_decode_len of the file /hdf5/src/H5Fint.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. | [email protected] | 1.9 | 0.05% | 2025-06-23 | 2026-04-29 |
| CVE-2025-6270 | A vulnerability, which was classified as critical, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5FS__sect_find_node of the file H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | [email protected] | 1.9 | 0.05% | 2025-06-19 | 2026-04-29 |
| CVE-2025-6269 | A vulnerability classified as critical was found in HDF5 up to 1.14.6. Affected by this vulnerability is the function H5C__reconstruct_cache_entry of the file H5Cimage.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | [email protected] | 1.9 | 0.05% | 2025-06-19 | 2026-04-29 |
| CVE-2025-44905 | hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5Z__filter_scaleoffset function. | [email protected] | 8.8 | 0.31% | 2025-05-30 | 2025-06-03 |
| CVE-2025-44904 | hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5VM_memcpyvv function. | [email protected] | 8.8 | 0.31% | 2025-05-30 | 2025-06-03 |
| CVE-2025-2926 | A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5O__cache_chk_serialize of the file src/H5Ocache.c. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. | [email protected] | 1.9 | 0.08% | 2025-03-28 | 2026-04-29 |
| CVE-2025-2925 | A vulnerability has been found in HDF5 up to 1.14.6 and classified as problematic. This vulnerability affects the function H5MM_realloc of the file src/H5MM.c. The manipulation of the argument mem leads to double free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | [email protected] | 1.9 | 0.08% | 2025-03-28 | 2026-04-29 |