Home The HDF Group CVE-2024-29160
Back to The HDF Group

CVE-2024-29160

HDF5 - H5HG

The HDF Group CVSS 7.4 Updated April 6, 2026

Executive Risk Summary

"A heap buffer overflow vulnerability in HDF5 through 1.14.3 allows for potential code execution or denial of service. This vulnerability is caused by a corruption of the instruction pointer in the H5HG__cache_heap_deserialize function."

Anticipated Attack Path

  1. 1. Initial exploitation of the heap buffer overflow vulnerability
  2. 2. Potential code execution or denial of service
  3. 3. Lateral movement or further exploitation

Am I Vulnerable?

  • Verify HDF5 version and update to 1.14.4 or later
  • Monitor system logs for signs of exploitation
  • Implement additional security controls to prevent exploitation

Operational Audit Arsenal

Target Type library
Target Asset libhdf5
Standard Path /usr/lib or C:\Program Files\HDF Group\HDF5

Manual Verification Required

This is a non-Windows asset (The HDF Group). Use the target asset details and official path provided above to verify your current version against the official vendor advisories listed below.

Patch Impact Forecast

Reboot Required Unlikely

Minimal, dependent on dependent applications

Internal Work Notes

HDF5 library update required to address CVE-2024-29160, potential code execution or denial of service vulnerability.

Technical Intelligence & Operational Utilities • Delivered Weekly

Intelligence Sources

Official Advisoryhttps://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
Official Advisoryhttps://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/

Related The HDF Group Threats

CVE-2024-29159 CVSS 9.8

HDF5 - H5Z__filter_scaleoffset
CVE-2024-29157 CVSS 9.8

HDF5 - H5HG_read
CVE-2024-29164 CVSS 9.8

HDF5 - H5R__decode_heap
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.