Heap Buffer Overflow in HDF5 Software by The HDF Group
CVE-2026-29043

5.5MEDIUM

Key Information:

Vendor: Hdfgroup
Status: Hdf5
Vendor: CVE Published:; 10 April 2026

What is CVE-2026-29043?

The HDF5 software, used for managing data, has a vulnerability where an attacker can manipulate an improperly handled h5 file, leading to a heap buffer overflow in the H5T__ref_mem_setnull method. This condition can result in a denial-of-service scenario and may also pave the way for potential remote code execution, depending on the exploitability context of the buffer overflow vulnerabilities in modern operating systems.

Affected Version(s)

hdf5 <= 1.14.1-2

References

https://github.com/HDFGroup/hdf5/security/advisories/GHSA...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 10, 2026
Vulnerability Reserved
Mar 3, 2026

CVE-2026-29043 Data

JSON

Hdfgroup

What is CVE-2026-29043?

Affected Version(s)

References

CVSS V3.1

Timeline