Skip to main content

OSGeo GDAL CVE-2026-8213

| EUVDEUVD-2026-28949 LOW
Buffer Overflow (CWE-119)
2026-05-09 cna@vuldb.com GHSA-8q76-c96g-j64j
1.9
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
1.9 LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Source Code Evidence Fetched
May 09, 2026 - 23:30 vuln.today
Analysis Generated
May 09, 2026 - 23:30 vuln.today
CVE Published
May 09, 2026 - 23:16 nvd
LOW 1.9

DescriptionCVE.org

A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 3.13.0RC1 can resolve this issue. The identifier of the patch is 3e04c0385630e4d42517046d9a4967dfccfeb7fd. It is suggested to upgrade the affected component.

AnalysisAI

Heap-based buffer overflow in OSGeo GDAL's Grid File Handler (GDSDfldsrch function in frmts/hdf4/hdf-eos/GDapi.c) affects versions up to 3.13.0dev-4, allowing authenticated local attackers to cause memory corruption through malformed HDF4 grid files. The vulnerability results from unsafe string manipulation that fails to validate metadata field list format before performing memory operations. Publicly available exploit code exists; vendor-released patch available in version 3.13.0RC1.

Technical ContextAI

The vulnerability exists in the HDF4 (Hierarchical Data Format version 4) Grid File Handler component of GDAL, a geospatial data abstraction library. The GDSDfldsrch function in GDapi.c processes field metadata by retrieving a 'FieldList' value from HDF4 metadata structures and performing string manipulation to strip leading and trailing quote characters. The root cause (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer) stems from the code performing memmove(name, name + 1, strlen(name) - 2) without first validating that the retrieved string is actually quoted or that its length is sufficient for the assumed structure. If a malformed HDF4 file provides a FieldList without proper quotes or of insufficient length, the length calculation (strlen(name) - 2) can underflow or cause out-of-bounds memory access. The fix validates both the string length (len >= 2) and the presence of surrounding quotes before performing the unsafe memory move operation.

RemediationAI

Upgrade to OSGeo GDAL version 3.13.0RC1 or later, which includes the security fix (commit 3e04c0385630e4d42517046d9a4967dfccfeb7fd). The patch adds validation to the GDSDfldsrch function in frmts/hdf4/hdf-eos/GDapi.c to check string length and quote character presence before performing memory operations. For users unable to upgrade immediately, restrict access to HDF4 files (.he4 format) to trusted sources only and avoid processing HDF4 grids from untrusted or external sources until patched. Disable HDF4 support in GDAL if the Grid File Handler component is not required for your application (this may require recompilation). Monitor for malicious HDF4 files in input data pipelines; the vulnerability is triggered only when reading specially crafted HDF4 grid files with malformed metadata. The public POC code demonstrates triggering the condition via files issue_14399.he4 and similar test cases; examine any similar files in your systems for potential exploitation.

More in Gdal

View all
CVE-2019-17545 CRITICAL
9.8 Oct 14

GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exce

CVE-2025-29480 MEDIUM POC
5.5 Apr 07

Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialRefe

CVE-2026-4738 CRITICAL
9.4 Mar 24

A buffer overflow vulnerability in GDAL versions before 3.11.0 within the zlib infback9 module allows remote attackers t

CVE-2019-17546 HIGH
8.8 Oct 14

tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that

CVE-2026-49014 HIGH
7.4 May 27

Arbitrary code execution in GDAL 3.1.0 through 3.13.0 is reachable through the netCDF driver, where scanForGeometryConta

CVE-2026-8212 LOW POC
1.9 May 09

Heap-based buffer overflow in GDAL's HDF4-EOS SWSDfldsrch function (frmts/hdf4/hdf-eos/SWapi.c) allows local authenticat

CVE-2026-8087 LOW POC
1.9 May 07

Heap-based buffer overflow in OSGeo GDAL up to version 3.13.0dev-4 allows local authenticated attackers to corrupt memor

CVE-2026-8084 LOW POC
1.9 May 07

Out-of-bounds read in OSGeo GDAL up to version 3.13.0dev-4 occurs in the HDF-EOS Grid File Handler when parsing malforme

CVE-2026-8086 LOW POC
1.9 May 07

Heap-based buffer overflow in OSGeo GDAL up to 3.13.0dev-4 within the SWnentries function of the HDF4-EOS module allows

CVE-2026-8088 LOW POC
1.9 May 07

Out-of-bounds read in OSGeo GDAL up to version 3.13.0dev-4 affects the GDfieldinfo function in HDF-EOS module when proce

Share

CVE-2026-8213 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy