CVE-2026-8088
Out-of-Bounds Read in OSGeo GDAL
Publication date: 2026-05-07
Last updated on: 2026-05-08
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| osgeo | gdal | to 3.12.4 (inc) |
| osgeo | gdal | 3.13.0 |
| osgeo | gdal | 3.13.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not include any details about the impact of CVE-2026-8088 on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-8088 is an out-of-bounds read vulnerability in the GDAL library's HDF4-EOS driver, specifically in the GDfieldinfo function within the GDapi.c file.
The issue occurs when processing a DimList metadata string in HDF-EOS grid files. The vulnerable code attempts to remove the leading and trailing parentheses from the DimList string using memmove without validating the string length.
If the DimList string is empty or contains only one character, the length calculation underflows due to unsigned arithmetic, causing memmove to read far beyond the allocated buffer. This leads to a segmentation fault (crash) and denial of service.
The vulnerability can be triggered locally by processing a specially crafted malicious HDF-EOS grid file using tools like gdalmdiminfo.
How can this vulnerability impact me? :
This vulnerability can cause a denial-of-service condition by crashing applications that process maliciously crafted HDF-EOS grid files.
Since the exploit requires local access to launch, an attacker with local privileges could cause the affected software to crash, potentially disrupting services or workflows that rely on GDAL for processing HDF-EOS data.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to process a specially crafted HDF-EOS grid file that triggers the out-of-bounds read in the GDfieldinfo function of GDAL. The exploit is triggered when using the tool gdalmdiminfo on malicious files.
A practical detection method is to run the command `gdalmdiminfo` on suspicious or untrusted HDF-EOS grid files and observe if the process crashes with a segmentation fault (SIGSEGV), indicating the vulnerability is present.
- Run `gdalmdiminfo <file>` on HDF-EOS grid files to check for crashes.
- Monitor for segmentation faults or denial-of-service behavior during processing of HDF-EOS files.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the affected GDAL component to version 3.13.0RC1 or later, which includes the patch a791f70f8eaec540974ec989ca6fb00266b7646c that fixes this vulnerability.
The patch adds proper bounds checking before string manipulation to prevent the out-of-bounds read.
- Upgrade GDAL to version 3.13.0RC1 or newer.
- Avoid processing untrusted or malicious HDF-EOS grid files until the upgrade is applied.