CVE-2026-8084
Heap-based Buffer Overflow in OSGeo GDAL
Publication date: 2026-05-07
Last updated on: 2026-05-08
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| osgeo | gdal | up to 3.12.4 (inclusive) |
| osgeo | gdal | 3.13.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-8084 is an out-of-bounds read vulnerability in the OSGeo GDAL library, specifically in the HDF-EOS Grid File Handler component within the SWapi.c file. The issue arises in a memmove call that strips parentheses from a DimList metadata value without validating the string length first. If the DimList value is empty or only a single character, the length calculation underflows, causing memmove to read an extremely large amount of memory beyond the allocated buffer. This leads to a crash due to invalid memory access.
The vulnerability is triggered locally when processing a crafted HDF-EOS swath file, for example via the gdalmdiminfo utility. The root cause is the assumption that DimList values are always parenthesized, which is not guaranteed. The issue was fixed by adding proper length checks before performing the memmove operation.
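The length underflow described above and a length-checked replacement, as an added C example. This is not GDAL's SWapi.c code: the function names and sample DimList values are constructed for illustration, and the delimiter check is an assumption that goes beyond the length check the fix is described as adding.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Length the unchecked pattern would pass to memmove: strlen(s) - 2 in
 * unsigned size_t arithmetic. Only computed here, never used for a copy. */
size_t unchecked_copy_len(const char *s)
{
    return strlen(s) - 2; /* wraps to a huge value when strlen(s) < 2 */
}

/* Hardened form: strip one enclosing "(...)" pair in place.
 * Returns 1 if the value was stripped, 0 if it was left untouched. */
int strip_parens_checked(char *s)
{
    size_t len = strlen(s);

    /* Require room for both delimiters and verify they are present. */
    if (len < 2 || s[0] != '(' || s[len - 1] != ')')
        return 0;

    memmove(s, s + 1, len - 2); /* len - 2 cannot wrap past this point */
    s[len - 2] = '\0';
    return 1;
}

int main(void)
{
    /* Constructed sample values, not taken from a real HDF-EOS file. */
    const char *samples[] = { "(Track,Xtrack)", "()", "(", "", "Track" };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char buf[32];
        snprintf(buf, sizeof buf, "%s", samples[i]);
        size_t raw = unchecked_copy_len(buf);
        int stripped = strip_parens_checked(buf);
        printf("in=\"%s\" unchecked_len=%zu stripped=%d out=\"%s\"\n",
               samples[i], raw, stripped, buf);
    }
    return 0;
}
```

For the empty and single-character inputs the unchecked length is within one of SIZE_MAX, which is the read size that crashes the process; the checked function leaves those values unchanged.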
How can this vulnerability impact me?
This vulnerability can cause a denial-of-service (DoS) condition by crashing applications that process maliciously crafted HDF-EOS grid files using the affected GDAL component. Since the out-of-bounds read leads to an immediate crash, attackers with local access can exploit this to disrupt services or applications relying on GDAL for geospatial data processing.
The attack requires local execution privileges, so remote exploitation is not possible. However, if an attacker can run code locally or trick a user into processing a malicious file, they can trigger this crash.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is triggered locally when processing a malicious HDF-EOS grid file using the gdalmdiminfo utility. Detection involves identifying attempts to process crafted HDF-EOS swath files with malformed DimList metadata values that cause out-of-bounds reads.
One way to detect exploitation attempts is to monitor for crashes or abnormal behavior of the gdalmdiminfo tool when it processes HDF-EOS files.
Since the vulnerability is related to the SWfinfo function in SWapi.c and triggered by malformed DimList values, you can attempt to reproduce the issue by running gdalmdiminfo on suspicious or untrusted HDF-EOS files.
Example command to test a file for the vulnerability (use with caution on untrusted files):
- gdalmdiminfo suspicious_file.he4
If the tool crashes or exhibits abnormal behavior, it may indicate the presence of the vulnerability.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade the affected GDAL component to version 3.13.0RC1 or later, where the vulnerability has been fixed.
The fix involves adding bounds checking before performing string manipulation operations in the vulnerable SWapi.c file to prevent out-of-bounds reads.
Until the upgrade can be applied, avoid processing untrusted or malformed HDF-EOS grid files with gdalmdiminfo or other GDAL tools that use the vulnerable code.
Monitoring for crashes or abnormal behavior in GDAL utilities when handling HDF-EOS files can help detect exploitation attempts.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
There is no information provided in the available context or resources about how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.