CVE-2026-8212

Name
CVE-2026-8212
Description
A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been published and may be used. Upgrading to version 3.13.0RC1 addresses this issue. This patch is called 3e04c0385630e4d42517046d9a4967dfccfeb7fd. The affected component should be upgraded.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
cna@vuldb.com https://github.com/OSGeo/gdal/
cna@vuldb.com https://github.com/OSGeo/gdal/commit/3e04c0385630e4d42517046d9a4967dfccfeb7fd
cna@vuldb.com https://github.com/OSGeo/gdal/issues/14398
cna@vuldb.com https://github.com/OSGeo/gdal/releases/tag/v3.13.0RC1
cna@vuldb.com https://github.com/biniamf/pocs/tree/main/gdal-swsdfldsrch_oob-read
cna@vuldb.com https://vuldb.com/submit/808127
cna@vuldb.com https://vuldb.com/vuln/362429
cna@vuldb.com https://vuldb.com/vuln/362429/cti

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:* gdal >= None <= 3.12.4
cpe:2.3:a:osgeo:gdal:3.13.0:beta1:*:*:*:*:*:* gdal == None == 3.13.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
gdal edge-community 3.13.0-r1 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.13.0-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.4-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.3-r4 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.3-r3 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.3-r2 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.3-r1 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.3-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.2-r3 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.2-r1 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.2-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.1-r3 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.1-r2 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.1-r1 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.1-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.0-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.5-r2 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.5-r1 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.5-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.4-r6 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.4-r5 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.4-r4 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.4-r3 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.4-r2 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.4-r1 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.4-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.3-r4 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.3-r3 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.3-r2 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.3-r1 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.3-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.1-r1 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.1-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.0-r4 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.0-r3 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.0-r2 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.0-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.10.3-r1 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.10.3-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.10.2-r2 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.10.2-r1 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.10.2-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.10.1-r3 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.10.1-r2 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.10.1-r1 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.10.1-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.10.0-r7 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal 3.23-community 3.11.5-r2 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable