CVE-2026-8213
Analyzed Analyzed - Analysis Complete
Heap-based Buffer Overflow in OSGeo GDAL

Publication date: 2026-05-09

Last updated on: 2026-05-19

Assigner: VulDB

Description
A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 3.13.0RC1 can resolve this issue. The identifier of the patch is 3e04c0385630e4d42517046d9a4967dfccfeb7fd. It is suggested to upgrade the affected component.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-09
Last Modified
2026-05-19
Generated
2026-06-19
AI Q&A
2026-05-10
EPSS Evaluated
2026-06-18
NVD
CVE-2026-8213
EUVD
EUVD-2026-28949
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
osgeo gdal to 3.12.4 (inc)
osgeo gdal 3.13.0
osgeo gdal 3.13.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the OSGeo gdal software up to version 3.13.0dev-4, specifically in the function GDSDfldsrch within the file frmts/hdf4/hdf-eos/GDapi.c of the Grid File Handler component.

The issue is a heap-based buffer overflow caused by improper manipulation in that function.

An attacker must have local access to exploit this vulnerability.

The vulnerability has been publicly disclosed and exploits may be available.

Upgrading to version 3.13.0RC1 or later resolves this issue.

Impact Analysis

This vulnerability can lead to a heap-based buffer overflow, which may cause unexpected behavior such as application crashes or potential execution of arbitrary code.

Since the attack requires local access, an attacker with limited privileges on the affected system could exploit this to escalate privileges or disrupt service.

The impact severity is rated as low to medium depending on the CVSS version, but it still poses a security risk if left unpatched.

Mitigation Strategies

The immediate step to mitigate this vulnerability is to upgrade the affected OSGeo gdal component to version 3.13.0RC1 or later.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-8213. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart