CVE-2026-29043
Heap Buffer Overflow in HDF5 File Parsing Causes DoS Risk
Publication date: 2026-04-10
Last updated on: 2026-04-16
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hdfgroup | hdf5 | up to and including 1.14.1-2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-29043 is a heap buffer overflow in the HDF5 library, in the function H5T__ref_mem_setnull. It is triggered when the library parses an HDF5 file that an attacker controls. The function writes null bytes to a buffer without respecting the buffer's allocated size, producing a write-based heap buffer overflow.
Concretely, a memset writes 64 bytes of zeros into a heap region that is only 16 bytes long, so the write runs past the end of the allocation. An application parsing such a file can crash.
In principle a heap overflow of this kind could lead to remote code execution, but because only null bytes are written, exploitation is considered less likely. The bug was found by fuzzing and confirmed with AddressSanitizer.
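As an added illustration (not HDF5's own code), here is a small C model of the pattern the advisory describes: a fixed 64-byte null write into a heap region that is only 16 bytes long, beside a variant that checks the destination size first and refuses instead of overflowing. The elem_buf_t type, the function names and the 0xAA fill pattern are assumptions made for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Numbers from the advisory: the null-reference write is 64 bytes; the
 * heap region it landed in was only 16 bytes. */
#define REF_NULL_WRITE_SIZE 64

/* Hypothetical element buffer (not HDF5's real type): it carries its own
 * allocation size so the null write can be bounded. */
typedef struct {
    uint8_t *data;
    size_t   size;
} elem_buf_t;

/* Model of the defect described: zeroes a fixed 64 bytes with no regard
 * for how large the destination really is. Shown for contrast only. */
void setnull_unchecked(uint8_t *dst) {
    memset(dst, 0, REF_NULL_WRITE_SIZE);
}

/* Hardened variant: refuses when the destination cannot hold the write,
 * so a 16-byte region yields an error instead of a heap overflow. */
int setnull_checked(elem_buf_t *buf) {
    if (buf == NULL || buf->data == NULL)
        return -1;
    if (buf->size < REF_NULL_WRITE_SIZE)
        return -1;                      /* would write past the end */
    memset(buf->data, 0, REF_NULL_WRITE_SIZE);
    return 0;
}

/* Allocate a buffer of `size` bytes filled with 0xAA, call the checked
 * routine, and report: -1 rejected, 1 zeroed as expected, 0 anything else. */
int run_case(size_t size) {
    elem_buf_t buf = { malloc(size), size };
    int result = 0;
    if (buf.data == NULL) return 0;
    memset(buf.data, 0xAA, size);
    if (setnull_checked(&buf) != 0) {
        result = -1;                    /* too small: rejected, nothing written */
    } else {
        result = 1;
        for (size_t i = 0; i < REF_NULL_WRITE_SIZE; i++)
            if (buf.data[i] != 0) result = 0;
    }
    free(buf.data);
    return result;
}
```

run_case(16) models the advisory's allocation size and is rejected; run_case(64) succeeds and the first 64 bytes are zero.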
How can this vulnerability impact me?
This vulnerability can impact you by causing denial-of-service (DoS) conditions. If your system or application parses attacker-controlled HDF5 files, the heap buffer overflow can crash the process handling those files.
In some scenarios, especially where server-side processes parse malicious HDF5 files without user interaction, the impact could be more severe.
Although remote code execution is theoretically possible, it is considered less likely due to the nature of the overflow writing only null bytes.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by parsing potentially malicious HDF5 files with utilities such as h5dump or h5stat, which call the vulnerable HDF5 library functions.
A practical detection method is to run h5dump on suspicious or untrusted HDF5 files and observe whether the process crashes or reports an AddressSanitizer (ASAN) heap-buffer-overflow error.
- Run: `h5dump suspicious_file.h5`
- Watch for crashes or ASAN error messages reporting a heap-buffer-overflow in H5T__ref_mem_setnull. ASAN reports only appear when h5dump and the HDF5 library were built with AddressSanitizer; a plain build will at most crash or silently corrupt its heap, so run the check in an isolated environment.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding parsing untrusted or attacker-controlled HDF5 files with vulnerable versions of the HDF5 library (up to and including 1.14.1-2).
Since no patched versions are available at the time of the advisory, it is recommended to restrict or disable the use of utilities like h5dump and h5stat on untrusted inputs.
Additionally, consider isolating or sandboxing processes that parse HDF5 files to limit the impact of potential denial-of-service conditions.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.