Low severity3.3NVD Advisory· Published May 7, 2026· Updated May 8, 2026

CVE-2026-8084

Description

A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes out-of-bounds read. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. Upgrading to version 3.13.0RC1 is able to resolve this issue. Patch name: a791f70f8eaec540974ec989ca6fb00266b7646c. Upgrading the affected component is advised.

Affected products

Osgeo/Gdalreferences4 versions
(expand)+ 3 more
- (no CPE)
- cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*range: <=3.12.4
- cpe:2.3:a:osgeo:gdal:3.13.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:osgeo:gdal:3.13.0:beta2:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/OSGeo/gdal/commit/a791f70f8eaec540974ec989ca6fb00266b7646cnvdPatch
github.com/OSGeo/gdal/issues/14378nvdExploitIssue TrackingPatchVendor Advisory
github.com/biniamf/pocs/tree/main/gdal_swfinfo_dimlist_oob-rwnvdExploitThird Party Advisory
vuldb.com/submit/808034nvdExploitThird Party AdvisoryVDB Entry
github.com/biniamf/pocs/blob/main/gdal_swfinfo_dimlist_oob-rwnvdThird Party Advisory
vuldb.com/vuln/361838nvdThird Party AdvisoryVDB Entry
github.com/OSGeo/gdal/releases/tag/v3.13.0RC1nvdRelease Notes
vuldb.com/vuln/361838/ctinvdPermissions RequiredVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.214
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000