Nixpkgs security tracker

Untriaged

Permalink CVE-2026-34734

7.8 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 5 days, 8 hours ago

HDF5: H5T__conv_struct Use After Free

HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utility. An attacker who can supply a malicious h5 file can trigger a heap use-after-free. The freed object is referenced in a memmove call from H5T__conv_struct. The original object was allocated by H5D__typeinfo_init_phase3 and freed by H5D__typeinfo_term.

References

https://github.com/HDFGroup/hdf5/security/advisories/GHSA-w7v2-9cmr-pwwj x_refsource_CONFIRM

Affected products

hdf5

==<= 1.14.1-2

Matching in nixpkgs

pkgs.hdf5

Data model, library, and file format for storing and managing data

nixos-unstable 1.14.6
- nixpkgs-unstable 1.14.6
- nixos-unstable-small 1.14.6
nixos-25.11 1.14.6
- nixos-25.11-small 1.14.6
- nixpkgs-25.11-darwin 1.14.6

pkgs.hdf5-cpp

Data model, library, and file format for storing and managing data

nixos-unstable 1.14.6
- nixpkgs-unstable 1.14.6
- nixos-unstable-small 1.14.6
nixos-25.11 1.14.6
- nixos-25.11-small 1.14.6
- nixpkgs-25.11-darwin 1.14.6

pkgs.hdf5-mpi

Data model, library, and file format for storing and managing data

nixos-unstable 1.14.6
- nixpkgs-unstable 1.14.6
- nixos-unstable-small 1.14.6
nixos-25.11 1.14.6
- nixos-25.11-small 1.14.6
- nixpkgs-25.11-darwin 1.14.6

pkgs.hdf5_1_10

Data model, library, and file format for storing and managing data

nixos-unstable 1.10.11
- nixpkgs-unstable 1.10.11
- nixos-unstable-small 1.10.11
nixos-25.11 1.10.11
- nixos-25.11-small 1.10.11
- nixpkgs-25.11-darwin 1.10.11

pkgs.hdf5-blosc

Filter for HDF5 that uses the Blosc compressor

nixos-unstable 1.0.1
- nixpkgs-unstable 1.0.1
- nixos-unstable-small 1.0.1
nixos-25.11 1.0.1
- nixos-25.11-small 1.0.1
- nixpkgs-25.11-darwin 1.0.1

pkgs.hdf5-fortran

Data model, library, and file format for storing and managing data

nixos-unstable 1.14.6
- nixpkgs-unstable 1.14.6
- nixos-unstable-small 1.14.6
nixos-25.11 1.14.6
- nixos-25.11-small 1.14.6
- nixpkgs-25.11-darwin 1.14.6

pkgs.hdf5-threadsafe

Data model, library, and file format for storing and managing data

nixos-unstable 1.14.6
- nixpkgs-unstable 1.14.6
- nixos-unstable-small 1.14.6
nixos-25.11 1.14.6
- nixos-25.11-small 1.14.6
- nixpkgs-25.11-darwin 1.14.6

pkgs.hdf5-fortran-mpi

Data model, library, and file format for storing and managing data

nixos-unstable 1.14.6
- nixpkgs-unstable 1.14.6
- nixos-unstable-small 1.14.6
nixos-25.11 1.14.6
- nixos-25.11-small 1.14.6
- nixpkgs-25.11-darwin 1.14.6

pkgs.pkgsRocm.hdf5-mpi

Data model, library, and file format for storing and managing data

nixos-unstable 1.14.6
- nixpkgs-unstable 1.14.6
- nixos-unstable-small 1.14.6
nixos-25.11 1.14.6
- nixos-25.11-small 1.14.6
- nixpkgs-25.11-darwin 1.14.6

pkgs.haskellPackages.hdf5

Haskell interface to the HDF5 scientific data storage library

nixos-unstable 1.8.15
- nixpkgs-unstable 1.8.15
- nixos-unstable-small 1.8.15
nixos-25.11 1.8.15
- nixos-25.11-small 1.8.15
- nixpkgs-25.11-darwin 1.8.15

pkgs.haskellPackages.hdf5-lite

High-level bindings to the HDF5 "lite" interface

nixos-unstable 0.1.1.0
- nixpkgs-unstable 0.1.1.0
- nixos-unstable-small 0.1.1.0
nixos-25.11 0.1.1.0
- nixos-25.11-small 0.1.1.0
- nixpkgs-25.11-darwin 0.1.1.0

pkgs.pkgsRocm.hdf5-fortran-mpi

Data model, library, and file format for storing and managing data

nixos-unstable 1.14.6
- nixpkgs-unstable 1.14.6
- nixos-unstable-small 1.14.6
nixos-25.11 1.14.6
- nixos-25.11-small 1.14.6
- nixpkgs-25.11-darwin 1.14.6

pkgs.python312Packages.hdf5plugin

Additional compression filters for h5py

nixos-25.11 hdf5plugin-5.1.0
- nixos-25.11-small hdf5plugin-5.1.0
- nixpkgs-25.11-darwin hdf5plugin-5.1.0

pkgs.python313Packages.hdf5plugin

Additional compression filters for h5py

nixos-unstable hdf5plugin-6.0.0
- nixpkgs-unstable hdf5plugin-6.0.0
- nixos-unstable-small hdf5plugin-6.0.0
nixos-25.11 hdf5plugin-5.1.0
- nixos-25.11-small hdf5plugin-5.1.0
- nixpkgs-25.11-darwin hdf5plugin-5.1.0

pkgs.python314Packages.hdf5plugin

Additional compression filters for h5py

nixos-unstable hdf5plugin-6.0.0
- nixpkgs-unstable hdf5plugin-6.0.0
- nixos-unstable-small hdf5plugin-6.0.0

Package maintainers

@markuskowa Markus Kowalewski <markus.kowalewski@gmail.com>
@bhipple Benjamin Hipple <bhipple@protonmail.com>
@stephen-huan Stephen Huan <stephen.huan@cgdct.moe>
@pbsds Peder Bergebakken Sundt <pbsds@hotmail.com>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.hdf5

pkgs.hdf5-cpp

pkgs.hdf5-mpi

pkgs.hdf5_1_10

pkgs.hdf5-blosc

pkgs.hdf5-fortran

pkgs.hdf5-threadsafe

pkgs.hdf5-fortran-mpi

pkgs.pkgsRocm.hdf5-mpi

pkgs.haskellPackages.hdf5

pkgs.haskellPackages.hdf5-lite

pkgs.pkgsRocm.hdf5-fortran-mpi

pkgs.python312Packages.hdf5plugin

pkgs.python313Packages.hdf5plugin

pkgs.python314Packages.hdf5plugin

Package maintainers