CVE-2026-8087
Heap-based Buffer Overflow in OSGeo GDAL
Publication date: 2026-05-07
Last updated on: 2026-05-08
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| osgeo | gdal | to 3.12.4 (inc) |
| osgeo | gdal | 3.13.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-8087 is a heap-based buffer overflow vulnerability in the GDAL library's HDF4/HDF-EOS multidimensional grid API, specifically in the GDnentries function of the file GDapi.c.
The vulnerability arises because the function incorrectly calculates the buffer size needed to store DataFieldName values. It assumes all metadata values are quoted and subtracts 2 from the string length to account for the quotes. However, if unquoted values are processed, this subtraction causes the buffer to be undersized.
When the code then uses strcat to append these values into the buffer, it writes beyond the allocated memory, causing a heap buffer overflow.
This flaw can be triggered by processing a maliciously crafted HDF-EOS swath file, potentially leading to denial of service or controlled out-of-bounds writes.
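The sizing mistake described above, shown next to a hardened form. This is an added illustration, not GDAL's code or the upstream patch; all function names and the sample values are hypothetical and constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample metadata values: one quoted, two unquoted. */
static const char *const SAMPLE[] = { "\"Temperature\"", "Pressure", "Humidity" };

static int is_quoted(const char *v, size_t n) { return n >= 2 && v[0] == '"' && v[n - 1] == '"'; }

/* Flawed sizing as described above: always subtract 2 for the quotes. */
long flawed_len(const char *v) { return (long)strlen(v) - 2; }
/* Bytes really copied: quotes are stripped only when both are present. */
size_t copied_len(const char *v) {
    size_t n = strlen(v);
    return is_quoted(v, n) ? n - 2 : n;
}

/* Bytes by which a buffer sized with flawed_len() would be too small. */
long shortfall(const char *const *vals, size_t count) {
    long gap = 0;
    for (size_t i = 0; i < count; i++)
        gap += (long)copied_len(vals[i]) - flawed_len(vals[i]);
    return gap;
}

/* Hardened join: sized from copied_len(), bounded memcpy instead of strcat. Caller frees. */
char *join_field_names(const char *const *vals, size_t count) {
    size_t need = 1;                                   /* terminating NUL */
    for (size_t i = 0; i < count; i++) need += copied_len(vals[i]) + 1; /* value + separator */
    char *out = malloc(need);
    if (!out) return NULL;
    size_t pos = 0;
    for (size_t i = 0; i < count; i++) {
        size_t len = copied_len(vals[i]);
        /* skip the opening quote only when quotes were stripped */
        const char *src = vals[i] + (len != strlen(vals[i]) ? 1 : 0);
        if (i) out[pos++] = ',';
        memcpy(out + pos, src, len);
        pos += len;
    }
    out[pos] = '\0';
    return out;
}

int main(void) {
    char *s = join_field_names(SAMPLE, 3);
    printf("flawed sizing is %ld bytes short; safe result: %s\n", shortfall(SAMPLE, 3), s ? s : "(alloc failed)");
    free(s);
    return 0;
}
```

Each unquoted value leaves the flawed size two bytes short, so the deficit grows with the number of unquoted entries in the metadata.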
How can this vulnerability impact me?
This vulnerability can lead to a heap buffer overflow when processing specially crafted HDF-EOS files using GDAL's HDF4/HDF-EOS multidimensional grid functionality.
The impact includes potential denial of service (application crashes) or, in some cases, the possibility of arbitrary code execution if an attacker can control the overflow.
Since the attack must be initiated locally, an attacker would need local access to exploit this vulnerability.
Applications using the affected GDAL versions to open or process these grid-format files are at risk.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying if your system or applications use the GDAL library's HDF4/HDF-EOS multidimensional grid functionality, specifically the GDnentries function in GDapi.c. Detection involves checking for the presence of vulnerable GDAL versions up to 3.13.0dev-4.
Since the vulnerability is triggered by processing crafted HDF-EOS swath files with unquoted DataFieldName values, one detection method is to test the system with known proof-of-concept files such as 'poc_gdinqfields_bof.he4' to see if the application crashes or behaves unexpectedly.
There are no specific network commands provided in the resources, but you can check the installed GDAL version with commands like:
- gdalinfo --version
- gdal-config --version
Additionally, monitoring application logs for crashes or heap buffer overflow errors when processing HDF4/HDF-EOS files may help detect exploitation attempts.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade the GDAL library to version 3.13.0RC1 or later, where the vulnerability has been fixed.
The fix involves a patch (commit 184f77dbcc74118c062c05e464c88161d3c37b9b) that corrects the buffer size calculation in the GDnentries function to properly handle quoted and unquoted string values, preventing heap buffer overflow.
If upgrading immediately is not possible, avoid processing untrusted or malicious HDF-EOS swath files that could trigger the vulnerability.
Also, monitor for any unusual crashes or behavior in applications using GDAL's HDF4/HDF-EOS functionality and apply any vendor or community patches as soon as they become available.