CVE-2026-8213
Received Received - Intake
Heap-based Buffer Overflow in OSGeo GDAL

Publication date: 2026-05-09

Last updated on: 2026-05-09

Assigner: VulDB

Description
A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 3.13.0RC1 can resolve this issue. The identifier of the patch is 3e04c0385630e4d42517046d9a4967dfccfeb7fd. It is suggested to upgrade the affected component.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-09
Last Modified
2026-05-09
Generated
2026-05-10
AI Q&A
2026-05-10
EPSS Evaluated
N/A
NVD
CVE-2026-8213
EUVD
EUVD-2026-28949
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
osgeo gdal to 3.13.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the OSGeo gdal software up to version 3.13.0dev-4, specifically in the function GDSDfldsrch within the file frmts/hdf4/hdf-eos/GDapi.c of the Grid File Handler component.

The issue is a heap-based buffer overflow caused by improper manipulation in that function.

An attacker must have local access to exploit this vulnerability.

The vulnerability has been publicly disclosed and exploits may be available.

Upgrading to version 3.13.0RC1 or later resolves this issue.


How can this vulnerability impact me? :

This vulnerability can lead to a heap-based buffer overflow, which may cause unexpected behavior such as application crashes or potential execution of arbitrary code.

Since the attack requires local access, an attacker with limited privileges on the affected system could exploit this to escalate privileges or disrupt service.

The impact severity is rated as low to medium depending on the CVSS version, but it still poses a security risk if left unpatched.


What immediate steps should I take to mitigate this vulnerability?

The immediate step to mitigate this vulnerability is to upgrade the affected OSGeo gdal component to version 3.13.0RC1 or later.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart