Skip to main content

OSGeo GDAL CVE-2026-8086

| EUVDEUVD-2026-28418 LOW
Heap-based Buffer Overflow (CWE-122)
2026-05-07 VulDB GHSA-72pg-5w29-wjx6
1.9
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
1.9 LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

5
Source Code Evidence Fetched
May 07, 2026 - 19:48 vuln.today
Analysis Generated
May 07, 2026 - 19:48 vuln.today
Severity Changed
May 07, 2026 - 19:22 NVD
MEDIUM LOW
CVSS changed
May 07, 2026 - 19:22 NVD
5.3 (MEDIUM) 1.9 (LOW)
CVE Published
May 07, 2026 - 18:45 nvd
LOW 1.9

DescriptionCVE.org

A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. Upgrading to version 3.12.4RC1 is capable of addressing this issue. The name of the patch is 9491e794f1757f08063ea2f7a274ad2994afa636. It is advisable to upgrade the affected component.

AnalysisAI

Heap-based buffer overflow in OSGeo GDAL up to 3.13.0dev-4 within the SWnentries function of the HDF4-EOS module allows local authenticated attackers to cause memory corruption via crafted DimensionName arguments. The vulnerability requires local access and authenticated privileges but can be exploited with publicly available proof-of-concept code. CVSS score of 1.9 reflects limited confidentiality, integrity, and availability impact despite the buffer overflow nature, indicating the vulnerability has constrained real-world severity despite its technical classification.

Technical ContextAI

The vulnerability exists in the HDF4-EOS (Hierarchical Data Format 4 Earth Observing System) subsystem of GDAL, specifically in the SWapi.c file's SWnentries function. This function processes Scientific Workspace metadata entries, including dimension names. The root cause (CWE-122: Heap-based Buffer Overflow) occurs when the function fails to properly validate or bound-check the DimensionName parameter before using it in string operations. The fix involves correcting an infinite loop condition (while(1) to while(metaptrs[0])) and adding proper bounds checking for quoted versus unquoted string length calculations in the utlstr buffer handling. HDF4 is a legacy scientific data format commonly used in geospatial and climate applications; GDAL is the standard open-source library for reading/writing such formats.

RemediationAI

Vendor-released patch: Upgrade GDAL to version 3.12.4RC1 or later. The upstream fix (commit 9491e794f1757f08063ea2f7a274ad2994afa636, merged via PR#14361) corrects the infinite loop condition and adds proper string length validation. For users unable to immediately upgrade, disable HDF4 format support in GDAL if not required (rebuild with --without-hdf4), or restrict access to HDF4 file processing to trusted data sources only. Since exploitation requires local authenticated access, network-based isolation (e.g., containerization, restricted user shells) provides limited additional benefit but reduces the attack surface from internal users. Testing should verify that legitimate HDF4 files with both quoted and unquoted dimension names are correctly parsed after patching.

More in Gdal

View all
CVE-2019-17545 CRITICAL
9.8 Oct 14

GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exce

CVE-2025-29480 MEDIUM POC
5.5 Apr 07

Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialRefe

CVE-2026-4738 CRITICAL
9.4 Mar 24

A buffer overflow vulnerability in GDAL versions before 3.11.0 within the zlib infback9 module allows remote attackers t

CVE-2019-17546 HIGH
8.8 Oct 14

tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that

CVE-2026-49014 HIGH
7.4 May 27

Arbitrary code execution in GDAL 3.1.0 through 3.13.0 is reachable through the netCDF driver, where scanForGeometryConta

CVE-2026-8213 LOW POC
1.9 May 09

Heap-based buffer overflow in OSGeo GDAL's Grid File Handler (GDSDfldsrch function in frmts/hdf4/hdf-eos/GDapi.c) affect

CVE-2026-8212 LOW POC
1.9 May 09

Heap-based buffer overflow in GDAL's HDF4-EOS SWSDfldsrch function (frmts/hdf4/hdf-eos/SWapi.c) allows local authenticat

CVE-2026-8087 LOW POC
1.9 May 07

Heap-based buffer overflow in OSGeo GDAL up to version 3.13.0dev-4 allows local authenticated attackers to corrupt memor

CVE-2026-8084 LOW POC
1.9 May 07

Out-of-bounds read in OSGeo GDAL up to version 3.13.0dev-4 occurs in the HDF-EOS Grid File Handler when parsing malforme

CVE-2026-8088 LOW POC
1.9 May 07

Out-of-bounds read in OSGeo GDAL up to version 3.13.0dev-4 affects the GDfieldinfo function in HDF-EOS module when proce

Share

CVE-2026-8086 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy