CVE-2026-8088
Undergoing Analysis Undergoing Analysis - In Progress
Out-of-Bounds Read in OSGeo GDAL

Publication date: 2026-05-07

Last updated on: 2026-05-08

Assigner: VulDB

Description
A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. Upgrading to version 3.13.0RC1 is sufficient to fix this issue. This patch is called a791f70f8eaec540974ec989ca6fb00266b7646c. The affected component should be upgraded.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-07
Last Modified
2026-05-08
Generated
2026-06-19
AI Q&A
2026-05-07
EPSS Evaluated
2026-06-18
NVD
CVE-2026-8088
EUVD
EUVD-2026-28436
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
osgeo gdal to 3.12.4 (inc)
osgeo gdal 3.13.0
osgeo gdal 3.13.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-8088 is an out-of-bounds read vulnerability in the GDAL library's HDF4-EOS driver, specifically in the GDfieldinfo function within the GDapi.c file.

The issue occurs when processing a DimList metadata string in HDF-EOS grid files. The vulnerable code attempts to remove the leading and trailing parentheses from the DimList string using memmove without validating the string length.

If the DimList string is empty or contains only one character, the length calculation underflows due to unsigned arithmetic, causing memmove to read far beyond the allocated buffer. This leads to a segmentation fault (crash) and denial of service.

The vulnerability can be triggered locally by processing a specially crafted malicious HDF-EOS grid file using tools like gdalmdiminfo.

Impact Analysis

This vulnerability can cause a denial-of-service condition by crashing applications that process maliciously crafted HDF-EOS grid files.

Since the exploit requires local access to launch, an attacker with local privileges could cause the affected software to crash, potentially disrupting services or workflows that rely on GDAL for processing HDF-EOS data.

Detection Guidance

This vulnerability can be detected by attempting to process a specially crafted HDF-EOS grid file that triggers the out-of-bounds read in the GDfieldinfo function of GDAL. The exploit is triggered when using the tool gdalmdiminfo on malicious files.

A practical detection method is to run the command `gdalmdiminfo` on suspicious or untrusted HDF-EOS grid files and observe if the process crashes with a segmentation fault (SIGSEGV), indicating the vulnerability is present.

  • Run `gdalmdiminfo <file>` on HDF-EOS grid files to check for crashes.
  • Monitor for segmentation faults or denial-of-service behavior during processing of HDF-EOS files.
Mitigation Strategies

The immediate mitigation step is to upgrade the affected GDAL component to version 3.13.0RC1 or later, which includes the patch a791f70f8eaec540974ec989ca6fb00266b7646c that fixes this vulnerability.

The patch adds proper bounds checking before string manipulation to prevent the out-of-bounds read.

  • Upgrade GDAL to version 3.13.0RC1 or newer.
  • Avoid processing untrusted or malicious HDF-EOS grid files until the upgrade is applied.
Compliance Impact

The provided information does not include any details about the impact of CVE-2026-8088 on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-8088. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart