CVE-2026-29043
Received Received - Intake
Heap Buffer Overflow in HDF5 File Parsing Causes DoS Risk

Publication date: 2026-04-10

Last updated on: 2026-04-16

Assigner: GitHub, Inc.

Description
HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition in the H5T__ref_mem_setnull method. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on the practical exploitability of the heap overflow against modern operating systems.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-10
Last Modified
2026-04-16
Generated
2026-06-16
AI Q&A
2026-04-10
EPSS Evaluated
2026-06-15
NVD
CVE-2026-29043
EUVD
EUVD-2026-21406
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
hdfgroup hdf5 to 1.14.1-2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-29043 is a heap buffer overflow vulnerability in the HDF5 library, specifically in the function H5T__ref_mem_setnull. This vulnerability occurs when an attacker controls an HDF5 file that is parsed by the library. The issue arises because the function attempts to overwrite a buffer with null bytes beyond its allocated size, causing a write-based heap buffer overflow.

The overflow happens when the memset operation writes 64 bytes of null data immediately after a 16-byte allocated heap region, leading to out-of-bounds memory writes. This can cause the application parsing the malicious file to crash.

While this overflow can theoretically lead to remote code execution, the fact that it only writes null bytes reduces the likelihood of such exploitation. The vulnerability was discovered through fuzzing and confirmed using AddressSanitizer.

Impact Analysis

This vulnerability can impact you by causing denial-of-service (DoS) conditions. If your system or application parses attacker-controlled HDF5 files, the heap buffer overflow can crash the process handling those files.

In some scenarios, especially where server-side processes parse malicious HDF5 files without user interaction, the impact could be more severe.

Although remote code execution is theoretically possible, it is considered less likely due to the nature of the overflow writing only null bytes.

Detection Guidance

This vulnerability can be detected by attempting to parse potentially malicious HDF5 files using utilities such as h5dump or h5stat, which use the vulnerable HDF5 library functions.

A practical detection method is to run h5dump on suspicious or untrusted HDF5 files and observe if the process crashes or triggers an AddressSanitizer (ASAN) heap-buffer-overflow error.

  • Use the command: h5dump suspicious_file.h5
  • Monitor for crashes or ASAN error messages indicating a heap-buffer-overflow in H5T__ref_mem_setnull.
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Mitigation Strategies

Immediate mitigation steps include avoiding parsing untrusted or attacker-controlled HDF5 files with vulnerable versions of the HDF5 library (up to and including 1.14.1-2).

Since no patched versions are available at the time of the advisory, it is recommended to restrict or disable the use of utilities like h5dump and h5stat on untrusted inputs.

Additionally, consider isolating or sandboxing processes that parse HDF5 files to limit the impact of potential denial-of-service conditions.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-29043. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart