Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

Untriaged
Filter by:
With package: pkgsRocm.hdf5-fortran-mpi

Found 3 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-29043
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 4 days, 8 hours ago
HDF5 H5T__ref_mem_setnull Heap Buffer Overflow

HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition in the H5T__ref_mem_setnull method. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on the practical exploitability of the heap overflow against modern operating systems.

Affected products

hdf5
  • ==<= 1.14.1-2

Matching in nixpkgs

pkgs.hdf5

Data model, library, and file format for storing and managing data

pkgs.hdf5-cpp

Data model, library, and file format for storing and managing data

pkgs.hdf5-mpi

Data model, library, and file format for storing and managing data

pkgs.hdf5-blosc

Filter for HDF5 that uses the Blosc compressor

Package maintainers

Permalink CVE-2026-34734
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 5 days, 8 hours ago
HDF5: H5T__conv_struct Use After Free

HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utility. An attacker who can supply a malicious h5 file can trigger a heap use-after-free. The freed object is referenced in a memmove call from H5T__conv_struct. The original object was allocated by H5D__typeinfo_init_phase3 and freed by H5D__typeinfo_term.

Affected products

hdf5
  • ==<= 1.14.1-2

Matching in nixpkgs

pkgs.hdf5

Data model, library, and file format for storing and managing data

pkgs.hdf5-cpp

Data model, library, and file format for storing and managing data

pkgs.hdf5-mpi

Data model, library, and file format for storing and managing data

pkgs.hdf5-blosc

Filter for HDF5 that uses the Blosc compressor

Package maintainers

Permalink CVE-2026-26200
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 3 weeks ago
HDF5 Affected by H5T__conv_struct_opt Heap Buffer Overflow

HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an `h5` file parsed by HDF5 can trigger a write-based heap buffer overflow condition. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on the practical exploitability of the heap overflow against modern operating systems. Real-world exploitability of this issue in terms of remote-code execution is currently unknown. Version 1.14.4-2 fixes the issue.

Affected products

hdf5
  • ==< 1.14.4-2

Matching in nixpkgs

pkgs.hdf5

Data model, library, and file format for storing and managing data

pkgs.hdf5-cpp

Data model, library, and file format for storing and managing data

pkgs.hdf5-mpi

Data model, library, and file format for storing and managing data

pkgs.hdf5-blosc

Filter for HDF5 that uses the Blosc compressor

Package maintainers