Skip to main content

OSGeo GDAL CVE-2026-8087

| EUVDEUVD-2026-28435 LOW
Heap-based Buffer Overflow (CWE-122)
2026-05-07 VulDB GHSA-h9rh-5ffh-h669
1.9
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
1.9 LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

5
Severity Changed
May 07, 2026 - 20:22 NVD
MEDIUM LOW
CVSS changed
May 07, 2026 - 20:22 NVD
5.3 (MEDIUM) 1.9 (LOW)
Source Code Evidence Fetched
May 07, 2026 - 20:01 vuln.today
Analysis Generated
May 07, 2026 - 20:01 vuln.today
CVE Published
May 07, 2026 - 19:00 nvd
MEDIUM 5.3

DescriptionCVE.org

A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. Upgrading to version 3.13.0RC1 is recommended to address this issue. The patch is named 184f77dbcc74118c062c05e464c88161d3c37b9b. You should upgrade the affected component.

AnalysisAI

Heap-based buffer overflow in OSGeo GDAL up to version 3.13.0dev-4 allows local authenticated attackers to corrupt memory and potentially execute arbitrary code via a specially crafted DataFieldName argument passed to the GDnentries function in the HDF-EOS module. The vulnerability affects string length calculation when processing quoted field names, publicly available exploit code exists, and vendor patch is available in version 3.13.0RC1.

Technical ContextAI

The vulnerability exists in the GDapi.c file within the HDF-EOS (Hierarchical Data Format - Earth Observing System) module of GDAL, a geospatial data abstraction library. The GDnentries function calculates buffer sizes for HDF4 grid field entries by parsing DataFieldName parameters. The root cause (CWE-122: Heap-based Buffer Overflow) stems from incorrect string length calculation: when processing quoted field names, the code unconditionally subtracts 2 bytes (to account for surrounding quotes) from the string length calculation without first verifying that the string is actually quoted. This causes the allocated buffer size to be undersized relative to the actual string data written, enabling heap corruption when unquoted or malformed field names are processed.

RemediationAI

Upgrade to OSGeo GDAL version 3.13.0RC1 or later, which includes the fix implemented in commit 184f77dbcc74118c062c05e464c88161d3c37b9b. The patch corrects the string length calculation by adding a conditional check to verify that a string is actually quoted before subtracting 2 bytes from its length. For systems unable to immediately upgrade, restrict local file system access to HDF4 files to only trusted sources, disable HDF4 driver support if not actively required (compile GDAL without HDF4 support), and implement file format validation to reject malformed HDF4 files before processing. Monitor GDAL process execution and implement sandboxing for automated HDF4 processing pipelines. Patch availability confirmed via GitHub releases at https://github.com/OSGeo/gdal/releases/tag/v3.13.0RC1.

More in Gdal

View all
CVE-2019-17545 CRITICAL
9.8 Oct 14

GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exce

CVE-2025-29480 MEDIUM POC
5.5 Apr 07

Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialRefe

CVE-2026-4738 CRITICAL
9.4 Mar 24

A buffer overflow vulnerability in GDAL versions before 3.11.0 within the zlib infback9 module allows remote attackers t

CVE-2019-17546 HIGH
8.8 Oct 14

tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that

CVE-2026-49014 HIGH
7.4 May 27

Arbitrary code execution in GDAL 3.1.0 through 3.13.0 is reachable through the netCDF driver, where scanForGeometryConta

CVE-2026-8213 LOW POC
1.9 May 09

Heap-based buffer overflow in OSGeo GDAL's Grid File Handler (GDSDfldsrch function in frmts/hdf4/hdf-eos/GDapi.c) affect

CVE-2026-8212 LOW POC
1.9 May 09

Heap-based buffer overflow in GDAL's HDF4-EOS SWSDfldsrch function (frmts/hdf4/hdf-eos/SWapi.c) allows local authenticat

CVE-2026-8084 LOW POC
1.9 May 07

Out-of-bounds read in OSGeo GDAL up to version 3.13.0dev-4 occurs in the HDF-EOS Grid File Handler when parsing malforme

CVE-2026-8086 LOW POC
1.9 May 07

Heap-based buffer overflow in OSGeo GDAL up to 3.13.0dev-4 within the SWnentries function of the HDF4-EOS module allows

CVE-2026-8088 LOW POC
1.9 May 07

Out-of-bounds read in OSGeo GDAL up to version 3.13.0dev-4 affects the GDfieldinfo function in HDF-EOS module when proce

Share

CVE-2026-8087 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy