CVE-2026-8087
Analyzed Analyzed - Analysis Complete
Heap-based Buffer Overflow in OSGeo GDAL

Publication date: 2026-05-07

Last updated on: 2026-05-08

Assigner: VulDB

Description
A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. Upgrading to version 3.13.0RC1 is recommended to address this issue. The patch is named 184f77dbcc74118c062c05e464c88161d3c37b9b. You should upgrade the affected component.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-07
Last Modified
2026-05-08
Generated
2026-06-19
AI Q&A
2026-05-07
EPSS Evaluated
2026-06-18
NVD
CVE-2026-8087
EUVD
EUVD-2026-28435
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
osgeo gdal to 3.12.4 (inc)
osgeo gdal 3.13.0
osgeo gdal 3.13.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-8087 is a heap-based buffer overflow vulnerability in the GDAL library's HDF4/HDF-EOS multidimensional grid API, specifically in the GDnentries function of the file GDapi.c.

The vulnerability arises because the function incorrectly calculates the buffer size needed to store DataFieldName values. It assumes all metadata values are quoted and subtracts 2 from the string length to account for the quotes. However, if unquoted values are processed, this subtraction causes the buffer to be undersized.

When the code then uses strcat to append these values into the buffer, it writes beyond the allocated memory, causing a heap buffer overflow.

This flaw can be triggered by processing a maliciously crafted HDF-EOS swath file, potentially leading to denial of service or controlled out-of-bounds writes.

Impact Analysis

This vulnerability can lead to a heap buffer overflow when processing specially crafted HDF-EOS files using GDAL's HDF4/HDF-EOS multidimensional grid functionality.

The impact includes potential denial of service (application crashes) or, in some cases, the possibility of arbitrary code execution if an attacker can control the overflow.

Since the attack must be initiated locally, an attacker would need local access to exploit this vulnerability.

Applications using the affected GDAL versions to open or process these grid-format files are at risk.

Detection Guidance

This vulnerability can be detected by identifying if your system or applications use the GDAL library's HDF4/HDF-EOS multidimensional grid functionality, specifically the GDnentries function in GDapi.c. Detection involves checking for the presence of vulnerable GDAL versions up to 3.13.0dev-4.

Since the vulnerability is triggered by processing crafted HDF-EOS swath files with unquoted DataFieldName values, one detection method is to test the system with known proof-of-concept files such as 'poc_gdinqfields_bof.he4' to see if the application crashes or behaves unexpectedly.

There are no specific network commands provided in the resources, but you can check the installed GDAL version with commands like:

  • gdalinfo --version
  • gdal-config --version

Additionally, monitoring application logs for crashes or heap buffer overflow errors when processing HDF4/HDF-EOS files may help detect exploitation attempts.

Mitigation Strategies

The primary mitigation step is to upgrade the GDAL library to version 3.13.0RC1 or later, where the vulnerability has been fixed.

The fix involves a patch (commit 184f77dbcc74118c062c05e464c88161d3c37b9b) that corrects the buffer size calculation in the GDnentries function to properly handle quoted and unquoted string values, preventing heap buffer overflow.

If upgrading immediately is not possible, avoid processing untrusted or malicious HDF-EOS swath files that could trigger the vulnerability.

Also, monitor for any unusual crashes or behavior in applications using GDAL's HDF4/HDF-EOS functionality and apply any vendor or community patches as soon as they become available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-8087. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart