{"id":"CVE-2026-29043","summary":"HDF5 H5T__ref_mem_setnull Heap Buffer Overflow","details":"HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition in the H5T__ref_mem_setnull method. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on the practical exploitability of the heap overflow against modern operating systems.","aliases":["GHSA-qm2m-5g5w-2277"],"modified":"2026-04-15T11:47:56.930773Z","published":"2026-04-10T15:35:51.682Z","database_specific":{"cwe_ids":["CWE-122"],"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/29xxx/CVE-2026-29043.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/29xxx/CVE-2026-29043.json"},{"type":"ADVISORY","url":"https://github.com/HDFGroup/hdf5/security/advisories/GHSA-qm2m-5g5w-2277"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29043"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/hdfgroup/hdf5","events":[{"introduced":"0"},{"last_affected":"ac07382ca947de2b936204dc9d60ce9ac245a21f"}],"database_specific":{"source":"AFFECTED_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"1.14.1-2"}]}}],"versions":["1.14.1","before_removing_docs","before_removing_fphdf5","before_removing_mpiposix_vfd","before_removing_tbbt_code","before_signed_unsigned_changes","hdf5-1_0_0","hdf5-1_0_0-alpha2","hdf5-1_0_1","hdf5-1_13_0-rc1","hdf5-1_13_0-rc2","hdf5-1_13_0-rc3","hdf5-1_13_0-rc4","hdf5-1_13_0-rc5","hdf5-1_13_0-rc6","hdf5-1_14_1","hdf5-1_14_1-2","hdf5-1_2_0","hdf5-1_2_0-beta1-update2","hdf5-1_2_0beta","hdf5-1_2_1","hdf5-1_3_0","hdf5-1_3_1","hdf5-1_4_0","hdf5-1_4_1","hdf5-1_6_0","hdf5-1_6_1","hdf5-1_6_2","hdf5-1_8_0-alpha2","hdf5-1_8_0-alpha3","hdf5-1_8_0-alpha4","hdf5-1_8_0-beta1","hdf5-1_8_0-beta2","hdf5-1_8_0-beta3","hdf5-1_8_0-beta4","hdf5-1_8_0-beta5","hdf5-1_9-start","hdff5-1_14-_0","hdff5-1_14_0","proto1","r1_1beta1","vms_last_support_trunk"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-29043.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}