Skip to main content

OSGeo GDAL CVE-2026-8088

| EUVDEUVD-2026-28436 LOW
Out-of-bounds Read (CWE-125)
2026-05-07 VulDB GHSA-j3f5-rw74-g4rv
1.9
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
1.9 LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Source Code Evidence Fetched
May 07, 2026 - 20:31 vuln.today
Analysis Generated
May 07, 2026 - 20:31 vuln.today
CVSS changed
May 07, 2026 - 20:22 NVD
3.3 (LOW) 1.9 (LOW)
CVE Published
May 07, 2026 - 19:30 nvd
LOW 1.9

DescriptionCVE.org

A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. Upgrading to version 3.13.0RC1 is sufficient to fix this issue. This patch is called a791f70f8eaec540974ec989ca6fb00266b7646c. The affected component should be upgraded.

AnalysisAI

Out-of-bounds read in OSGeo GDAL up to version 3.13.0dev-4 affects the GDfieldinfo function in HDF-EOS module when processing malformed HDF4 files. A locally authenticated attacker can trigger memory disclosure by crafting a specially formatted HDF4 file. Publicly available exploit code exists. The vulnerability is fixed in GDAL 3.13.0RC1 and later.

Technical ContextAI

The vulnerability resides in the GDfieldinfo function of frmts/hdf4/hdf-eos/GDapi.c, which parses HDF-EOS metadata from HDF4 files. The function uses memmove and string manipulation to process dimension list strings without proper bounds checking. The vulnerable code attempts to strip parentheses from field name strings by performing a string length calculation and then shifting memory, but fails to validate that the string is at least 2 characters long and properly terminated before accessing array indices. This violates CWE-125 (Out-of-bounds Read), allowing reads beyond allocated buffer boundaries. The similar vulnerability pattern also exists in SWapi.c (SWfinfo function) and is patched identically. The fix adds explicit length validation before the memmove operation, ensuring the string has minimum length 2 and proper parenthetical structure.

RemediationAI

Upgrade OSGeo GDAL to version 3.13.0RC1 or later. The upstream commit a791f70f8eaec540974ec989ca6fb00266b7646c has been released in the v3.13.0RC1 tag. Organizations unable to upgrade immediately should restrict local system access to trusted users only and disable or isolate HDF4 file processing from untrusted sources. If HDF4 processing is not required, disabling the HDF4 driver at compile time (--without-hdf4) eliminates exposure entirely. A temporary workaround involves validating HDF4 files with an external tool before processing, though this is less reliable than patching. The patch involves minimal code changes (bounds checking before string manipulation) with no breaking API changes or performance impact.

More in Gdal

View all
CVE-2019-17545 CRITICAL
9.8 Oct 14

GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exce

CVE-2025-29480 MEDIUM POC
5.5 Apr 07

Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialRefe

CVE-2026-4738 CRITICAL
9.4 Mar 24

A buffer overflow vulnerability in GDAL versions before 3.11.0 within the zlib infback9 module allows remote attackers t

CVE-2019-17546 HIGH
8.8 Oct 14

tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that

CVE-2026-49014 HIGH
7.4 May 27

Arbitrary code execution in GDAL 3.1.0 through 3.13.0 is reachable through the netCDF driver, where scanForGeometryConta

CVE-2026-8213 LOW POC
1.9 May 09

Heap-based buffer overflow in OSGeo GDAL's Grid File Handler (GDSDfldsrch function in frmts/hdf4/hdf-eos/GDapi.c) affect

CVE-2026-8212 LOW POC
1.9 May 09

Heap-based buffer overflow in GDAL's HDF4-EOS SWSDfldsrch function (frmts/hdf4/hdf-eos/SWapi.c) allows local authenticat

CVE-2026-8087 LOW POC
1.9 May 07

Heap-based buffer overflow in OSGeo GDAL up to version 3.13.0dev-4 allows local authenticated attackers to corrupt memor

CVE-2026-8084 LOW POC
1.9 May 07

Out-of-bounds read in OSGeo GDAL up to version 3.13.0dev-4 occurs in the HDF-EOS Grid File Handler when parsing malforme

CVE-2026-8086 LOW POC
1.9 May 07

Heap-based buffer overflow in OSGeo GDAL up to 3.13.0dev-4 within the SWnentries function of the HDF4-EOS module allows

Share

CVE-2026-8088 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy