Description

HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utility. An attacker who can supply a malicious h5 file can trigger a heap use-after-free. The freed object is referenced in a memmove call from H5T__conv_struct. The original object was allocated by H5D__typeinfo_init_phase3 and freed by H5D__typeinfo_term.

INFO

Published Date :

2026-04-09T19:01:21.794Z

Last Modified :

2026-04-09T19:01:21.794Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-34734 vulnerability.

Vendors Products
Hdfgroup
  • Hdf5
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-34734.

URL Resource
https://github.com/HDFGroup/hdf5/security/advisories/GHSA-w7v2-9cmr-pwwj cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact