CVE-2026-29043

CVSS Score & Metrics

Base Score

5.5 / 10

Vector String

                                        CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H                                    

Vulnerability Description

HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition in the H5T__ref_mem_setnull method. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on the practical exploitability of the heap overflow against modern operating systems.

Vulnerability Details

Published Date

April 10, 2026

Last Modified

April 16, 2026

CWE ID

CWE-122

Source

NVD

Vendor

HDFGroup

Product

hdf5

External References

https://github.com/HDFGroup/hdf5/security/advisories/GHSA-qm2m-5g5w-2277

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment