HDF5 is software used for managing data. In versions 1.14.1-2 and earlier, a heap-use-after-free vulnerability exists in the h5dump helper utility. An attacker who provides a malicious h5 file can exploit this vulnerability to trigger a heap use-after-free condition. The issue arises because the freed object is referenced in a memmove call within the function H5T__conv_struct. The original object was allocated by H5D__typeinfo_init_phase3 and later freed by H5D__typeinfo_term.

‍