Skip to main content

OSGeo GDAL CVE-2026-8212

| EUVDEUVD-2026-28948 LOW
Heap-based Buffer Overflow (CWE-122)
2026-05-09 VulDB GHSA-r5m4-5vww-w9f5
1.9
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
1.9 LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

5
Source Code Evidence Fetched
May 09, 2026 - 23:30 vuln.today
Analysis Generated
May 09, 2026 - 23:30 vuln.today
Severity Changed
May 09, 2026 - 23:22 NVD
MEDIUM LOW
CVSS changed
May 09, 2026 - 23:22 NVD
5.3 (MEDIUM) 1.9 (LOW)
CVE Published
May 09, 2026 - 22:30 nvd
LOW 1.9

DescriptionCVE.org

A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been published and may be used. Upgrading to version 3.13.0RC1 addresses this issue. This patch is called 3e04c0385630e4d42517046d9a4967dfccfeb7fd. The affected component should be upgraded.

AnalysisAI

Heap-based buffer overflow in GDAL's HDF4-EOS SWSDfldsrch function (frmts/hdf4/hdf-eos/SWapi.c) allows local authenticated attackers to cause memory corruption through manipulation of malformed HDF4 files. The vulnerability stems from unsafe string manipulation that fails to validate metadata field list format before stripping quotes, enabling out-of-bounds writes. Affects GDAL up to version 3.13.0dev-4; patch available in version 3.13.0RC1. Publicly available exploit code exists.

Technical ContextAI

The vulnerability exists in the SWSDfldsrch function within GDAL's HDF4-EOS API layer, specifically in quote-stripping logic applied to HDF4 field list metadata. The root cause (CWE-122: Heap-based Buffer Overflow) occurs when the code performs memmove(name, name + 1, strlen(name) - 2) without first validating that the name buffer actually contains quoted strings or that the computed lengths are safe. If EHgetmetavalue returns a malformed or empty string, or a string without proper quotes, the memmove operation writes beyond allocated heap boundaries. The patch adds bounds checking (len >= 2 && name[0] '"' && name[len-1] '"') and validates EHgetmetavalue return status before performing string manipulation. This affects HDF4 file parsing in GDAL's geospatial raster data handling, triggered when opening or reading HDF4 files with crafted metadata.

RemediationAI

Vendor-released patch: Upgrade GDAL to version 3.13.0RC1 or later. The fix commit 3e04c0385630e4d42517046d9a4967dfccfeb7fd adds return-status validation and bounds checking before string manipulation in both SWapi.c and GDapi.c. For installations unable to upgrade immediately, disable HDF4 driver compilation (--without-hdf4 at build time) if HDF4 support is not essential. Alternatively, implement strict file upload validation: reject HDF4 files with malformed metadata or implement sandboxed processing of HDF4 inputs (e.g., containerized GDAL instances with resource limits). Note: Disabling HDF4 support may impact geospatial workflows relying on HDF4 EOS data (MODIS, etc.). Patch validation: confirm 3e04c0385630e4d42517046d9a4967dfccfeb7fd is present in your GDAL build; check GDAL version with gdalinfo --version.

More in Gdal

View all
CVE-2019-17545 CRITICAL
9.8 Oct 14

GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exce

CVE-2025-29480 MEDIUM POC
5.5 Apr 07

Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialRefe

CVE-2026-4738 CRITICAL
9.4 Mar 24

A buffer overflow vulnerability in GDAL versions before 3.11.0 within the zlib infback9 module allows remote attackers t

CVE-2019-17546 HIGH
8.8 Oct 14

tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that

CVE-2026-49014 HIGH
7.4 May 27

Arbitrary code execution in GDAL 3.1.0 through 3.13.0 is reachable through the netCDF driver, where scanForGeometryConta

CVE-2026-8213 LOW POC
1.9 May 09

Heap-based buffer overflow in OSGeo GDAL's Grid File Handler (GDSDfldsrch function in frmts/hdf4/hdf-eos/GDapi.c) affect

CVE-2026-8087 LOW POC
1.9 May 07

Heap-based buffer overflow in OSGeo GDAL up to version 3.13.0dev-4 allows local authenticated attackers to corrupt memor

CVE-2026-8084 LOW POC
1.9 May 07

Out-of-bounds read in OSGeo GDAL up to version 3.13.0dev-4 occurs in the HDF-EOS Grid File Handler when parsing malforme

CVE-2026-8086 LOW POC
1.9 May 07

Heap-based buffer overflow in OSGeo GDAL up to 3.13.0dev-4 within the SWnentries function of the HDF4-EOS module allows

CVE-2026-8088 LOW POC
1.9 May 07

Out-of-bounds read in OSGeo GDAL up to version 3.13.0dev-4 affects the GDfieldinfo function in HDF-EOS module when proce

Share

CVE-2026-8212 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy