CVE-2026-8086

Name
CVE-2026-8086
Description
A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. Upgrading to version 3.12.4RC1 is capable of addressing this issue. The name of the patch is 9491e794f1757f08063ea2f7a274ad2994afa636. It is advisable to upgrade the affected component.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Product https://github.com/OSGeo/gdal/
Patch https://github.com/OSGeo/gdal/commit/9491e794f1757f08063ea2f7a274ad2994afa636
Exploit https://github.com/OSGeo/gdal/issues/14356
Issue Tracking https://github.com/OSGeo/gdal/pull/14361
Release Notes https://github.com/OSGeo/gdal/releases/tag/v3.12.4RC1
Exploit https://github.com/biniamf/pocs/tree/main/gdal-swinqdims_bof
Exploit https://vuldb.com/submit/808038
Third Party Advisory https://vuldb.com/vuln/361839
Permissions Required https://vuldb.com/vuln/361839/cti

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:* gdal >= None <= 3.12.4
cpe:2.3:a:osgeo:gdal:3.13.0:beta1:*:*:*:*:*:* gdal == None == 3.13.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
gdal edge-community 3.13.0-r1 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.13.0-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.4-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.3-r4 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.3-r3 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.3-r2 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.3-r1 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.3-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.2-r3 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.2-r1 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.2-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.1-r3 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.1-r2 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.1-r1 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.1-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.0-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.5-r2 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.5-r1 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.5-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.4-r6 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.4-r5 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.4-r4 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.4-r3 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.4-r2 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.4-r1 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.4-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.3-r4 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.3-r3 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.3-r2 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.3-r1 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.3-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.1-r1 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.1-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.0-r4 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.0-r3 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.0-r2 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.0-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.10.3-r1 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.10.3-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.10.2-r2 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.10.2-r1 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.10.2-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.10.1-r3 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.10.1-r2 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.10.1-r1 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.10.1-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.10.0-r7 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal 3.23-community 3.11.5-r2 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable