CVE-2026-8086
Heap-based Buffer Overflow in OSGeo GDAL
Publication date: 2026-05-07
Last updated on: 2026-05-08
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| osgeo | gdal | up to 3.12.4 (inclusive) |
| osgeo | gdal | 3.13.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-8086 is a heap buffer overflow vulnerability in the GDAL library's HDF4/HDF-EOS driver, specifically in the SWinqdims function within the SWapi.c file.
The issue arises because the function SWnentries miscalculates the required buffer size: it subtracts 2 bytes per dimension entry on the assumption that every dimension name is double-quoted. A crafted HDF-EOS file can instead supply unquoted dimension names, so the buffer is under-allocated.
SWinqdims then appends the dimension names to that buffer with strcat, without any bounds checking, and writes past the end of the heap allocation by 2 bytes per dimension entry, which is the heap-based buffer overflow.
This vulnerability can be triggered by processing specially crafted HDF-EOS swath files and affects any application using GDAL's HDF4/HDF-EOS multidimensional API to open such files.
How can this vulnerability impact me?
The heap buffer overflow caused by this vulnerability can lead to denial of service or potentially controlled heap out-of-bounds writes.
An attacker with local access can exploit this vulnerability by providing a specially crafted HDF-EOS swath file to cause memory corruption.
This may result in application crashes, instability, or potentially allow an attacker to execute arbitrary code or manipulate memory in unintended ways.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the GDAL library's handling of specially crafted HDF-EOS swath files that exploit the heap buffer overflow in the SWinqdims function. A proof-of-concept exploit file named poc_swinqdims_bof.he4 is available to demonstrate the issue.
Detection involves attempting to process such crafted HDF-EOS swath files with the vulnerable GDAL version and observing for crashes or abnormal behavior indicating a heap buffer overflow.
Specific commands are not explicitly provided in the resources, but a typical approach would be to use GDAL command-line tools (such as gdalinfo) to open or inspect the crafted file, for example:
- gdalinfo poc_swinqdims_bof.he4
If the vulnerable function is triggered, this command may cause a crash or error indicative of the vulnerability.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade the GDAL library to version 3.12.4RC1 or later, where the vulnerability has been fixed.
The fix involves patching the SWnentries function to correctly calculate buffer sizes and replacing unsafe string concatenation with safer alternatives to prevent heap buffer overflow.
If upgrading immediately is not possible, avoid processing untrusted or specially crafted HDF-EOS swath files with vulnerable versions of GDAL.
Monitoring for updates and applying the patch identified by commit 9491e794f1757f08063ea2f7a274ad2994afa636 is recommended.
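As an added illustration, constructed for this page and not taken from GDAL's SWapi.c, the C model below reproduces the sizing mismatch described in the first answer above and the bounded-append fix described in this one. `size_assuming_quotes` stands in for the flawed rule attributed to SWnentries, `size_actual` for a correct count of what will really be written, and `append_bounded` for the safer alternative to strcat. The function names and the two sample dimension lists are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Constructed model of the sizing bug described for CVE-2026-8086.
 * This is NOT GDAL's SWapi.c; function names are illustrative.
 * A "raw list" is the comma-separated dimension list as stored in the
 * file, where each entry may or may not be wrapped in double quotes.
 */

/* Sizing rule the advisory attributes to the vulnerable SWnentries:
 * assume every entry carries two quote characters that will be stripped,
 * so subtract 2 bytes per entry from the raw length (+1 for the NUL). */
size_t size_assuming_quotes(const char *rawlist, size_t nentries)
{
    size_t n = strlen(rawlist);
    if (n < 2 * nentries)
        return 1;                      /* guard against unsigned wraparound */
    return n - 2 * nentries + 1;
}

/* Correct rule: count what will actually be written, i.e. every raw byte
 * except the quote characters that are really present. */
size_t size_actual(const char *rawlist)
{
    size_t needed = 0;
    for (const char *p = rawlist; *p; ++p)
        if (*p != '"')
            needed++;
    return needed + 1;
}

/* 1 when the quote-assuming rule would hand out too small a buffer. */
int is_underallocated(const char *rawlist, size_t nentries)
{
    return size_assuming_quotes(rawlist, nentries) < size_actual(rawlist);
}

/* Bounded replacement for strcat(): rejects the write instead of overrunning. */
int append_bounded(char *buf, size_t bufsize, const char *s)
{
    size_t used = strlen(buf);
    size_t add = strlen(s);
    if (used + add + 1 > bufsize)
        return -1;                     /* would not fit: reject, write nothing */
    memcpy(buf + used, s, add + 1);
    return 0;
}

/* Normalise rawlist into buf: strip surrounding quotes from each entry and
 * join with commas. Returns 0 on success, -1 if buf is too small. */
int build_dimlist(const char *rawlist, char *buf, size_t bufsize)
{
    if (bufsize == 0)
        return -1;
    buf[0] = '\0';

    size_t n = strlen(rawlist);
    char *scratch = malloc(n + 1);     /* writable copy for tokenising */
    if (!scratch)
        return -1;
    memcpy(scratch, rawlist, n + 1);

    int rc = 0, first = 1;
    for (char *tok = strtok(scratch, ","); tok; tok = strtok(NULL, ",")) {
        size_t len = strlen(tok);
        if (len >= 2 && tok[0] == '"' && tok[len - 1] == '"') {
            tok[len - 1] = '\0';       /* drop closing quote */
            tok++;                     /* skip opening quote */
        }
        if ((!first && append_bounded(buf, bufsize, ",") != 0) ||
            append_bounded(buf, bufsize, tok) != 0) {
            rc = -1;                   /* the case that strcat would turn into an overflow */
            break;
        }
        first = 0;
    }
    free(scratch);
    return rc;
}

/* Helper: build into a buffer of exactly bufsize bytes. Returns 1 if the
 * build succeeded and equals expected, 0 if it was rejected as too small,
 * -1 if it succeeded with unexpected content. */
int build_check(const char *rawlist, size_t bufsize, const char *expected)
{
    char *buf = malloc(bufsize);
    if (!buf)
        return -1;
    int rc = build_dimlist(rawlist, buf, bufsize);
    int result = (rc != 0) ? 0 : (strcmp(buf, expected) == 0 ? 1 : -1);
    free(buf);
    return result;
}

int main(void)
{
    /* Constructed sample lists: the same two names, quoted and unquoted. */
    const char *lists[] = { "\"Track\",\"Xtrack\"", "Track,Xtrack" };
    for (int i = 0; i < 2; ++i)
        printf("%-20s alloc=%zu needed=%zu %s\n", lists[i],
               size_assuming_quotes(lists[i], 2), size_actual(lists[i]),
               is_underallocated(lists[i], 2) ? "UNDERALLOCATED" : "ok");
    return 0;
}
```

With the quoted list both sizing rules agree (13 bytes); with the unquoted list the flawed rule allocates 9 bytes where 13 are needed, short by 2 per entry, and `build_dimlist` reports the shortfall instead of writing past the buffer. A 2-byte overrun often does not crash on its own, so when testing a GDAL build against the proof-of-concept file mentioned above, an AddressSanitizer-instrumented build is the reliable way to observe the write rather than waiting for a crash.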
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information about CVE-2026-8086 does not include any details regarding its impact on compliance with common standards and regulations such as GDPR or HIPAA.