CVE-2026-26200

Published: 19 Feb 2026
Source: redhat
CVSS3: 7.8
EPSS: Low

Description

HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on the practical exploitability of the heap overflow against modern operating systems. Real-world exploitability of this issue in terms of remote-code execution is currently unknown. Version 1.14.4-2 fixes the issue.

A flaw was found in HDF5, a software for managing data. An attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow. This can lead to a denial-of-service condition, and could potentially lead to further issues such as remote code execution, though its real-world exploitability for this is currently unknown.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux AI (RHEL AI) 3 | hdf5 | Affected | | |

Additional information

Status: Important
Defect: CWE-131
https://bugzilla.redhat.com/show_bug.cgi?id=2441088
hdf5: HDF5: Denial of Service due to heap buffer overflow when parsing a crafted h5 file

EPSS

Percentile: 10%
0.00034
Low

CVSS3: 7.8 High

Related vulnerabilities

CVSS3: 7.8
ubuntu
about 1 month ago

HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an `h5` file parsed by HDF5 can trigger a write-based heap buffer overflow condition. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on the practical exploitability of the heap overflow against modern operating systems. Real-world exploitability of this issue in terms of remote-code execution is currently unknown. Version 1.14.4-2 fixes the issue.

CVSS3: 7.8
nvd
about 1 month ago

HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an `h5` file parsed by HDF5 can trigger a write-based heap buffer overflow condition. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on the practical exploitability of the heap overflow against modern operating systems. Real-world exploitability of this issue in terms of remote-code execution is currently unknown. Version 1.14.4-2 fixes the issue.

CVSS3: 7.8
debian
about 1 month ago

HDF5 is software for managing data. Prior to version 1.14.4-2, an atta ...
