CVE-2026-8212
Analyzed Analyzed - Analysis Complete
Heap-based Buffer Overflow in OSGeo GDAL

Publication date: 2026-05-09

Last updated on: 2026-05-19

Assigner: VulDB

Description
A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been published and may be used. Upgrading to version 3.13.0RC1 addresses this issue. This patch is called 3e04c0385630e4d42517046d9a4967dfccfeb7fd. The affected component should be upgraded.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-09
Last Modified
2026-05-19
Generated
2026-06-19
AI Q&A
2026-05-10
EPSS Evaluated
2026-06-18
NVD
CVE-2026-8212
EUVD
EUVD-2026-28948
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
osgeo gdal to 3.12.4 (inc)
osgeo gdal 3.13.0
osgeo gdal 3.13.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a flaw found in the OSGeo gdal software up to version 3.13.0dev-4, specifically in the function SWSDfldsrch within the file frmts/hdf4/hdf-eos/SWapi.c. It allows an attacker with local access to perform a manipulation that leads to a heap-based buffer overflow.

A heap-based buffer overflow occurs when more data is written to a buffer located on the heap than it can hold, potentially leading to crashes or arbitrary code execution.

The vulnerability has an available exploit and can be addressed by upgrading to version 3.13.0RC1, which includes a patch identified as 3e04c0385630e4d42517046d9a4967dfccfeb7fd.

Impact Analysis

If exploited, this vulnerability can lead to a heap-based buffer overflow, which may cause the affected application to crash or allow an attacker to execute arbitrary code with the privileges of the affected process.

Since the attack requires local access, an attacker would need to have some level of access to the system to exploit this flaw.

The impact includes potential system instability, data corruption, or unauthorized actions performed by malicious code.

Mitigation Strategies

The immediate step to mitigate this vulnerability is to upgrade the affected OSGeo gdal component to version 3.13.0RC1 or later, as this version addresses the issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-8212. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart