CVE-2026-8212
Heap-based Buffer Overflow in OSGeo GDAL
Publication date: 2026-05-09
Last updated on: 2026-05-09
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| osgeo | gdal | to 3.13.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a flaw found in the OSGeo gdal software up to version 3.13.0dev-4, specifically in the function SWSDfldsrch within the file frmts/hdf4/hdf-eos/SWapi.c. It allows an attacker with local access to perform a manipulation that leads to a heap-based buffer overflow.
A heap-based buffer overflow occurs when more data is written to a buffer located on the heap than it can hold, potentially leading to crashes or arbitrary code execution.
The vulnerability has an available exploit and can be addressed by upgrading to version 3.13.0RC1, which includes a patch identified as 3e04c0385630e4d42517046d9a4967dfccfeb7fd.
How can this vulnerability impact me? :
If exploited, this vulnerability can lead to a heap-based buffer overflow, which may cause the affected application to crash or allow an attacker to execute arbitrary code with the privileges of the affected process.
Since the attack requires local access, an attacker would need to have some level of access to the system to exploit this flaw.
The impact includes potential system instability, data corruption, or unauthorized actions performed by malicious code.
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade the affected OSGeo gdal component to version 3.13.0RC1 or later, as this version addresses the issue.