CVE-2026-26200

High CVSS: 7.8

HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an `h5` file parsed by HDF5 can trigger a write-based heap buffer overflow condition. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on the practical exploitability of the heap overflow against modern operating systems. Real-world exploitability of this issue in terms of remote-code execution is currently unknown. Version 1.14.4-2 fixes the issue.

Vendor

Hdfgroup

Product

Hdf5

CWE

CWE-122

Yayın Tarihi

2026-02-19 20:25:42

Güncelleme

2026-02-20 20:14:37

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-122 Hdf5 HIGH Hdfgroup 2026

Referanslar

https://github.com/HDFGroup/hdf5/security/advisories/GHSA-5p2m-j456-9mr2

Benzer Kayıtlar

Medium

CVE-2025-7068

A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5F…

Medium

CVE-2025-7069

A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FS__sect_link…

Medium

CVE-2025-7067

A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5FS__sinfo_…

Medium

CVE-2025-6858

A vulnerability was found in HDF5 1.14.6 and classified as problematic. Affected by this issue is the function H5C__flus…

Medium

CVE-2025-6857

A vulnerability has been found in HDF5 1.14.6 and classified as problematic. Affected by this vulnerability is the funct…

Medium

CVE-2025-6856

A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FL__reg_gc_li…