5.5

CVE-2026-8084

Exploit

OSGeo gdal HDF-EOS Grid File SWapi.c memmove out-of-bounds

A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes out-of-bounds read. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. Upgrading to version 3.13.0RC1 is able to resolve this issue. Patch name: a791f70f8eaec540974ec989ca6fb00266b7646c. Upgrading the affected component is advised.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OsgeoGdal Version <= 3.12.4
OsgeoGdal Version3.13.0 Updatebeta1
OsgeoGdal Version3.13.0 Updatebeta2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.26% 0.176
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
cna@vuldb.com 1.9 0 0
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com 3.3 1.8 1.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
cna@vuldb.com 1.7 3.1 2.9
AV:L/AC:L/Au:S/C:N/I:N/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://vuldb.com/vuln/361838
Third Party Advisory
VDB Entry
https://vuldb.com/vuln/361838/cti
VDB Entry
Permissions Required
https://vuldb.com/submit/808034
Third Party Advisory
Exploit
VDB Entry
https://github.com/biniamf/pocs/tree/main/gdal_swfinfo_dimlist_oob-rw
Third Party Advisory
Exploit
https://github.com/OSGeo/gdal/issues/14378
Patch
Vendor Advisory
Exploit
Issue Tracking
https://github.com/biniamf/pocs/blob/main/gdal_swfinfo_dimlist_oob-rw
Third Party Advisory
https://github.com/OSGeo/gdal/commit/a791f70f8eaec540974ec989ca6fb00266b7646c
Patch
https://github.com/OSGeo/gdal/releases/tag/v3.13.0RC1
Release Notes
https://github.com/OSGeo/gdal/
Product