Low severity3.3NVD Advisory· Published May 7, 2026· Updated May 8, 2026
CVE-2026-8084
CVE-2026-8084
Description
A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes out-of-bounds read. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. Upgrading to version 3.13.0RC1 is able to resolve this issue. Patch name: a791f70f8eaec540974ec989ca6fb00266b7646c. Upgrading the affected component is advised.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6Patches
Vulnerability mechanics
References
8- github.com/OSGeo/gdal/commit/a791f70f8eaec540974ec989ca6fb00266b7646cnvdPatch
- github.com/OSGeo/gdal/issues/14378nvdExploitIssue TrackingPatchVendor Advisory
- github.com/biniamf/pocs/tree/main/gdal_swfinfo_dimlist_oob-rwnvdExploitThird Party Advisory
- vuldb.com/submit/808034nvdExploitThird Party AdvisoryVDB Entry
- github.com/biniamf/pocs/blob/main/gdal_swfinfo_dimlist_oob-rwnvdThird Party Advisory
- vuldb.com/vuln/361838nvdThird Party AdvisoryVDB Entry
- github.com/OSGeo/gdal/releases/tag/v3.13.0RC1nvdRelease Notes
- vuldb.com/vuln/361838/ctinvdPermissions RequiredVDB Entry
News mentions
0No linked articles in our index yet.