{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34734", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-30T18:41:20.754Z", "datePublished": "2026-04-09T19:01:21.794Z", "dateUpdated": "2026-04-13T20:47:37.724Z"}, "containers": {"cna": {"title": "HDF5: H5T__conv_struct Use After Free", "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "lang": "en", "description": "CWE-416: Use After Free", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/HDFGroup/hdf5/security/advisories/GHSA-w7v2-9cmr-pwwj", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/HDFGroup/hdf5/security/advisories/GHSA-w7v2-9cmr-pwwj"}], "affected": [{"vendor": "HDFGroup", "product": "hdf5", "versions": [{"version": "<= 1.14.1-2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-09T19:01:21.794Z"}, "descriptions": [{"lang": "en", "value": "HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utility. An attacker who can supply a malicious h5 file can trigger a heap use-after-free. The freed object is referenced in a memmove call from H5T__conv_struct. The original object was allocated by H5D__typeinfo_init_phase3 and freed by H5D__typeinfo_term."}], "source": {"advisory": "GHSA-w7v2-9cmr-pwwj", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/HDFGroup/hdf5/security/advisories/GHSA-w7v2-9cmr-pwwj", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-13T20:47:34.523913Z", "id": "CVE-2026-34734", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T20:47:37.724Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34734", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-13T20:47:34.523913Z"}}}], "references": [{"url": "https://github.com/HDFGroup/hdf5/security/advisories/GHSA-w7v2-9cmr-pwwj", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T20:47:29.888Z"}}], "cna": {"title": "HDF5: H5T__conv_struct Use After Free", "source": {"advisory": "GHSA-w7v2-9cmr-pwwj", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "HDFGroup", "product": "hdf5", "versions": [{"status": "affected", "version": "<= 1.14.1-2"}]}], "references": [{"url": "https://github.com/HDFGroup/hdf5/security/advisories/GHSA-w7v2-9cmr-pwwj", "name": "https://github.com/HDFGroup/hdf5/security/advisories/GHSA-w7v2-9cmr-pwwj", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utility. An attacker who can supply a malicious h5 file can trigger a heap use-after-free. The freed object is referenced in a memmove call from H5T__conv_struct. The original object was allocated by H5D__typeinfo_init_phase3 and freed by H5D__typeinfo_term."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416: Use After Free"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-09T19:01:21.794Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34734", "state": "PUBLISHED", "dateUpdated": "2026-04-13T20:47:37.724Z", "dateReserved": "2026-03-30T18:41:20.754Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-09T19:01:21.794Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hdfgroup:hdf5:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8B60376-0798-400E-9C01-184EE73C4A51", "versionEndExcluding": "1.14.1-2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utility. An attacker who can supply a malicious h5 file can trigger a heap use-after-free. The freed object is referenced in a memmove call from H5T__conv_struct. The original object was allocated by H5D__typeinfo_init_phase3 and freed by H5D__typeinfo_term."}], "id": "CVE-2026-34734", "lastModified": "2026-04-14T20:09:51.313", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-09T20:16:25.437", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/HDFGroup/hdf5/security/advisories/GHSA-w7v2-9cmr-pwwj"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/HDFGroup/hdf5/security/advisories/GHSA-w7v2-9cmr-pwwj"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"bugzilla": {"description": "hdf5: h5dump: HDF5 h5dump: Arbitrary code execution via a crafted HDF5 file", "id": "2457034", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457034"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-825", "details": ["A flaw was found in the HDF5 software, specifically in the h5dump helper utility. An attacker can exploit this vulnerability by providing a specially crafted HDF5 file, leading to a heap-use-after-free condition. This flaw can result in arbitrary code execution, allowing the attacker to take control of the affected system, or cause a denial of service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-34734", "package_state": [{"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Affected", "package_name": "hdf5", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}], "public_date": "2026-04-09T19:01:21Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-34734\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-34734\nhttps://github.com/HDFGroup/hdf5/security/advisories/GHSA-w7v2-9cmr-pwwj"], "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.14.1-2]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "hdf5", "source": "cna", "vendor": "HDFGroup"}, "product": "hdf5", "vendor": "hdfgroup"}], "analysis": {"en": {"generated_at": "2026-04-14T23:35:48.528877+00:00", "value": {"mitigation_remediation": ["Upgrade HDF5 to a version that includes the fix, such as 1.14.3 or later.", "Run the h5dump utility only with trusted input files and limit its execution to authorized users or environments.", "If h5dump is not required, disable or remove the utility from the system to eliminate the attack surface."], "summary": {"action": "Apply Patch", "impact": "Memory Corruption"}, "threat_synthesis": {"affected_systems": "HDFGroup\u2019s HDF5 library, versions 1.14.1, 1.14.2, and earlier, is affected when the h5dump utility is used. Any installation that processes external HDF5 files with these releases is vulnerable.", "description_and_impact": "The vulnerability is a heap use\u2011after\u2011free in the h5dump helper utility of HDF5. A malicious .h5 file can trigger a call to memmove that accesses memory that has already been freed, producing memory corruption that can corrupt data structures or crash the process.", "risk_and_exploitability": "The CVSS score of 7.8 indicates high severity, while the EPSS score of less than 1\u202f% shows a low probability of current exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires an attacker to supply a crafted .h5 file to the target system\u2019s h5dump utility or application that uses it; processing the file can lead to instability or data corruption."}}}}, "created": "2026-04-10T08:39:02.257033+00:00", "updated": "2026-04-15T16:00:07.801700+00:00", "vendors": ["hdfgroup", "hdfgroup$PRODUCT$hdf5"]}