CVE-2026-8084

medium

Description

A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes out-of-bounds read. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. Upgrading to version 3.13.0RC1 is able to resolve this issue. Patch name: a791f70f8eaec540974ec989ca6fb00266b7646c. Upgrading the affected component is advised.

References

Exploits
More

https://github.com/biniamf/pocs/tree/main/gdal_swfinfo_dimlist_oob-rw

https://github.com/biniamf/pocs/blob/main/gdal_swfinfo_dimlist_oob-rw

https://vuldb.com/vuln/361838/cti

https://vuldb.com/vuln/361838

https://vuldb.com/submit/808034

https://github.com/OSGeo/gdal/releases/tag/v3.13.0RC1

https://github.com/OSGeo/gdal/issues/14378

https://github.com/OSGeo/gdal/commit/a791f70f8eaec540974ec989ca6fb00266b7646c

https://github.com/OSGeo/gdal/

Details

Source: Mitre, NVD

Published: 2026-05-07

Updated: 2026-05-07

Risk Information

CVSS v2

Base Score: 1.7

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:P

Severity: Low

CVSS v3

Base Score: 3.3

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Severity: Low

CVSS v4

Base Score: 4.8

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Severity: Medium