7.8

CVE-2026-8086

Exploit

OSGeo gdal SWapi.c SWnentries heap-based overflow

A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. Upgrading to version 3.12.4RC1 is capable of addressing this issue. The name of the patch is 9491e794f1757f08063ea2f7a274ad2994afa636. It is advisable to upgrade the affected component.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OsgeoGdal Version <= 3.12.4
OsgeoGdal Version3.13.0 Updatebeta1
OsgeoGdal Version3.13.0 Updatebeta2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.145
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com 1.9 0 0
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com 5.3 1.8 3.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com 4.3 3.1 6.4
AV:L/AC:L/Au:S/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

https://github.com/OSGeo/gdal/
Product
https://vuldb.com/vuln/361839
Third Party Advisory
VDB Entry
https://vuldb.com/vuln/361839/cti
VDB Entry
Permissions Required
https://vuldb.com/submit/808038
Third Party Advisory
Exploit
VDB Entry
https://github.com/OSGeo/gdal/issues/14356
Patch
Vendor Advisory
Exploit
Issue Tracking
https://github.com/OSGeo/gdal/pull/14361
Patch
Issue Tracking
https://github.com/biniamf/pocs/tree/main/gdal-swinqdims_bof
Third Party Advisory
Exploit
https://github.com/OSGeo/gdal/commit/9491e794f1757f08063ea2f7a274ad2994afa636
Patch
https://github.com/OSGeo/gdal/releases/tag/v3.12.4RC1
Release Notes