CVE-2026-34734
Received Received - Intake
Heap Use-After-Free in HDF5 h5dump Allows Memory Corruption

Publication date: 2026-04-09

Last updated on: 2026-04-14

Assigner: GitHub, Inc.

Description
HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utility. An attacker who can supply a malicious h5 file can trigger a heap use-after-free. The freed object is referenced in a memmove call from H5T__conv_struct. The original object was allocated by H5D__typeinfo_init_phase3 and freed by H5D__typeinfo_term.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-09
Last Modified
2026-04-14
Generated
2026-06-16
AI Q&A
2026-04-10
EPSS Evaluated
2026-06-15
NVD
CVE-2026-34734
EUVD
EUVD-2026-21020
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
hdfgroup hdf5 to 1.14.1-2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-416 The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-34734 is a high-severity use-after-free vulnerability in the HDF5 library, specifically in the h5dump helper utility. It occurs when a malicious HDF5 (.h5) file is parsed, triggering a heap use-after-free condition.

The issue arises because an object allocated by the function H5D__typeinfo_init_phase3 is freed by H5D__typeinfo_term but is still referenced later in a memmove call inside the function H5T__conv_struct. This leads to accessing freed memory.

This vulnerability was discovered through fuzzing and confirmed with AddressSanitizer, showing a large read from freed memory during execution of h5dump on crafted files.

Impact Analysis

This vulnerability can lead to denial-of-service (DoS) conditions by crashing any process that parses a malicious HDF5 file using the vulnerable h5dump utility or other affected functions.

Additionally, depending on exploitability, it may allow remote code execution if an attacker can trick a target system into parsing a malicious file, for example via server-side processes handling attacker-controlled HDF5 files.

The attack vector is local, requiring the attacker to supply a malicious file, but the attack complexity is low and no privileges are required.

Detection Guidance

This vulnerability can be detected by monitoring the execution of the h5dump utility when it processes HDF5 (.h5) files, especially those that might be attacker-controlled or suspicious.

Using AddressSanitizer (ASAN) with GCC 10 or similar memory debugging tools during testing or analysis can help identify the heap use-after-free condition triggered by malicious files.

A practical approach is to run h5dump on suspect HDF5 files and observe for crashes or ASAN reports indicating use-after-free reads.

  • Run h5dump on a suspicious file: `h5dump suspicious_file.h5` and monitor for crashes or abnormal behavior.
  • Compile h5dump with AddressSanitizer enabled and execute it on test files to detect memory errors.
Mitigation Strategies

Since no patched versions are currently available, immediate mitigation involves minimizing exposure to untrusted or attacker-controlled HDF5 files.

Avoid running h5dump or other HDF5 processing utilities on files from untrusted sources.

Implement strict file validation and sandboxing when processing HDF5 files to limit potential damage from exploitation.

Monitor for updates or patches from the HDF5 project and apply them as soon as they become available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-34734. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart