CVE-2026-8086
Undergoing Analysis Undergoing Analysis - In Progress
Heap-based Buffer Overflow in OSGeo GDAL

Publication date: 2026-05-07

Last updated on: 2026-05-08

Assigner: VulDB

Description
A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. Upgrading to version 3.12.4RC1 is capable of addressing this issue. The name of the patch is 9491e794f1757f08063ea2f7a274ad2994afa636. It is advisable to upgrade the affected component.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-07
Last Modified
2026-05-08
Generated
2026-06-19
AI Q&A
2026-05-07
EPSS Evaluated
2026-06-18
NVD
CVE-2026-8086
EUVD
EUVD-2026-28418
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
osgeo gdal to 3.12.4 (inc)
osgeo gdal 3.13.0
osgeo gdal 3.13.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-8086 is a heap buffer overflow vulnerability in the GDAL library's HDF4/HDF-EOS driver, specifically in the SWinqdims function within the SWapi.c file.

The issue arises because the function SWnentries miscalculates the required buffer size by subtracting 2 bytes per dimension entry assuming all dimension names are double-quoted. However, crafted HDF-EOS files can supply unquoted dimension names, causing the buffer to be underallocated.

When SWinqdims appends dimension names to the buffer using strcat without proper bounds checking, it writes beyond the allocated heap buffer by 2 bytes per dimension entry, leading to a heap buffer overflow.

This vulnerability can be triggered by processing specially crafted HDF-EOS swath files and affects any application using GDAL's HDF4/HDF-EOS multidimensional API to open such files.

Impact Analysis

The heap buffer overflow caused by this vulnerability can lead to denial of service or potentially controlled heap out-of-bounds writes.

An attacker with local access can exploit this vulnerability by providing a specially crafted HDF-EOS swath file to cause memory corruption.

This may result in application crashes, instability, or potentially allow an attacker to execute arbitrary code or manipulate memory in unintended ways.

Detection Guidance

This vulnerability can be detected by testing the GDAL library's handling of specially crafted HDF-EOS swath files that exploit the heap buffer overflow in the SWinqdims function. A proof-of-concept exploit file named poc_swinqdims_bof.he4 is available to demonstrate the issue.

Detection involves attempting to process such crafted HDF-EOS swath files with the vulnerable GDAL version and observing for crashes or abnormal behavior indicating a heap buffer overflow.

Specific commands are not explicitly provided in the resources, but a typical approach would be to use GDAL command-line tools (such as gdalinfo) to open or inspect the crafted file, for example:

  • gdalinfo poc_swinqdims_bof.he4

If the vulnerable function is triggered, this command may cause a crash or error indicative of the vulnerability.

Mitigation Strategies

The primary mitigation step is to upgrade the GDAL library to version 3.12.4RC1 or later, where the vulnerability has been fixed.

The fix involves patching the SWnentries function to correctly calculate buffer sizes and replacing unsafe string concatenation with safer alternatives to prevent heap buffer overflow.

If upgrading immediately is not possible, avoid processing untrusted or specially crafted HDF-EOS swath files with vulnerable versions of GDAL.

Monitoring for updates and applying the patch identified by commit 9491e794f1757f08063ea2f7a274ad2994afa636 is recommended.

Compliance Impact

The provided information about CVE-2026-8086 does not include any details regarding its impact on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-8086. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart