CVE-2026-29043 MEDIUM

CVE-2026-29043: HDF5 H5T__ref_mem_setnull Heap Buffer Overflow

Vendor Hdfgroup
Product hdf5
Weakness CWE-122
Published April 10, 2026
Last update April 14, 2026

CVSS base score

5.5/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition in the H5T__ref_mem_setnull method. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on the practical exploitability of the heap overflow against modern operating systems.

Key dates

02Disclosure timeline

April 10, 2026 CVE published
April 14, 2026 Record updated