CVE-2026-29043 - Vulnerability Details

- HDF5 H5T__ref_mem_setnull Heap Buffer Overflow

Description

HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition in the H5T__ref_mem_setnull method. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on the practical exploitability of the heap overflow against modern operating systems.

Published: 2026-04-10

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

HDF5, versions 1.14.1-2 and earlier, have a heap buffer overflow in the H5T__ref_mem_setnull function. A crafted HDF5 file can trigger this overflow when processed, causing a denial‑of‑service condition and potentially allowing an attacker to execute code depending on how the overflow is exploited on the target operating system. The weakness originates from writing beyond a heap allocation while setting reference memory to null.

Affected Systems

All installations of the HDFGroup HDF5 library running version 1.14.1‑2 or earlier are vulnerable. This includes any application that parses or loads user‑supplied HDF5 files, such as scientific computing, data analytics, and other data‑processing workloads that rely on HDF5.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate severity, while the EPSS of less than 1% suggests a low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. An attacker would need to supply the vulnerable program with a malicious HDF5 file; successful exploitation could result in denial of service or, under certain conditions, remote code execution. No official workaround is documented, so patching is the recommended defense.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

HDFGroup

hdf5

affected

Version	Status	Constraints
`<= 1.14.1-2`	affected	—

Configuration 1 [-]

cpe:2.3:a:hdfgroup:hdf5:*:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Hdfgroup

Hdf5

100%

Version	Status	Scheme	Platform
`[0,1.14.1-2]`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade HDF5 to a version newer than 1.14.1-2.
Confirm the installed version with package information or HDF5 utilities.
Restrict parsing of untrusted HDF5 files until the upgrade or run the service in a sandboxed environment.

Generated by OpenCVE AI on April 13, 2026 at 14:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00033.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/HDFGroup/hdf5/security/advisories/GHSA-qm2m-5g5w-2277
https://nvd.nist.gov/vuln/detail/CVE-2026-29043
https://www.cve.org/CVERecord?id=CVE-2026-29043

History

Thu, 16 Apr 2026 19:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:hdfgroup:hdf5::::::::

Tue, 14 Apr 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 13 Apr 2026 13:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Hdfgroup Hdfgroup hdf5
Vendors & Products		Hdfgroup Hdfgroup hdf5

Mon, 13 Apr 2026 12:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-787
References		https://nvd.nist.gov/vuln/detail/CVE-2026-29043 https://www.cve.org/CVERecord?id=CVE-2026-29043
Metrics	threat_severity `None`	threat_severity `Moderate`

Fri, 10 Apr 2026 16:00:00 +0000

Type	Values Removed	Values Added
Description		HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition in the H5T__ref_mem_setnull method. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on the practical exploitability of the heap overflow against modern operating systems.
Title		HDF5 H5T__ref_mem_setnull Heap Buffer Overflow
Weaknesses		CWE-122
References		https://github.com/HDFGroup/hdf5/security/advisories/GHSA-qm2m-5g5w-2277
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}`

Subscriptions

Hdfgroup Hdf5

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-04-10T15:35:51.682Z

Updated: 2026-04-14T14:50:46.566Z

Reserved: 2026-03-03T17:50:11.242Z

Link: CVE-2026-29043

Vulnrichment

Updated: 2026-04-14T14:50:42.601Z

NVD

Status : Analyzed

Published: 2026-04-10T16:16:30.693

Modified: 2026-04-16T19:40:13.963

Link: CVE-2026-29043

Redhat

Severity : Moderate

Publid Date: 2026-04-10T15:35:51Z

Links: CVE-2026-29043 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-13T14:27:07Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object