HDF5 through 1.14.3 contains a heap buffer overflow in H5HG cache heap deserialize, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.