CVE-2026-34734
Heap Use-After-Free in HDF5 h5dump Allows Memory Corruption
Publication date: 2026-04-09
Last updated on: 2026-04-14
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hdfgroup | hdf5 | to 1.14.1-2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-416 | The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-34734 is a high-severity use-after-free vulnerability in the HDF5 library, specifically in the h5dump helper utility. It occurs when a malicious HDF5 (.h5) file is parsed, triggering a heap use-after-free condition.
The issue arises because an object allocated by the function H5D__typeinfo_init_phase3 is freed by H5D__typeinfo_term but is still referenced later in a memmove call inside the function H5T__conv_struct. This leads to accessing freed memory.
This vulnerability was discovered through fuzzing and confirmed with AddressSanitizer, showing a large read from freed memory during execution of h5dump on crafted files.
How can this vulnerability impact me? :
This vulnerability can lead to denial-of-service (DoS) conditions by crashing any process that parses a malicious HDF5 file using the vulnerable h5dump utility or other affected functions.
Additionally, depending on exploitability, it may allow remote code execution if an attacker can trick a target system into parsing a malicious file, for example via server-side processes handling attacker-controlled HDF5 files.
The attack vector is local, requiring the attacker to supply a malicious file, but the attack complexity is low and no privileges are required.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring the execution of the h5dump utility when it processes HDF5 (.h5) files, especially those that might be attacker-controlled or suspicious.
Using AddressSanitizer (ASAN) with GCC 10 or similar memory debugging tools during testing or analysis can help identify the heap use-after-free condition triggered by malicious files.
A practical approach is to run h5dump on suspect HDF5 files and observe for crashes or ASAN reports indicating use-after-free reads.
- Run h5dump on a suspicious file: `h5dump suspicious_file.h5` and monitor for crashes or abnormal behavior.
- Compile h5dump with AddressSanitizer enabled and execute it on test files to detect memory errors.
What immediate steps should I take to mitigate this vulnerability?
Since no patched versions are currently available, immediate mitigation involves minimizing exposure to untrusted or attacker-controlled HDF5 files.
Avoid running h5dump or other HDF5 processing utilities on files from untrusted sources.
Implement strict file validation and sandboxing when processing HDF5 files to limit potential damage from exploitation.
Monitor for updates or patches from the HDF5 project and apply them as soon as they become available.