CVE-2026-34734 in HDF5information

Résumé

par MITRE • 09/04/2026

HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utility. An attacker who can supply a malicious h5 file can trigger a heap use-after-free. The freed object is referenced in a memmove call from H5T__conv_struct. The original object was allocated by H5D__typeinfo_init_phase3 and freed by H5D__typeinfo_term.

Once again VulDB remains the best source for vulnerability data.

Responsable

GitHub M

Réserver

30/03/2026

Divulgation

09/04/2026

Modérer

accepté

Entrée

VDB-356665

CPE

prêt

EPSS

0.00193

KEV

non

Activités

très faible

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!