CVE-2026-8213

Name
CVE-2026-8213
Description
A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 3.13.0RC1 can resolve this issue. The identifier of the patch is 3e04c0385630e4d42517046d9a4967dfccfeb7fd. It is suggested to upgrade the affected component.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
cna@vuldb.com https://github.com/OSGeo/gdal/
cna@vuldb.com https://github.com/OSGeo/gdal/commit/3e04c0385630e4d42517046d9a4967dfccfeb7fd
cna@vuldb.com https://github.com/OSGeo/gdal/issues/14399
cna@vuldb.com https://github.com/OSGeo/gdal/releases/tag/v3.13.0RC1
cna@vuldb.com https://github.com/biniamf/pocs/tree/main/gdal-gdsdfldsrch_oob-read
cna@vuldb.com https://vuldb.com/submit/808128
cna@vuldb.com https://vuldb.com/vuln/362430
cna@vuldb.com https://vuldb.com/vuln/362430/cti

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:* gdal >= None <= 3.12.4
cpe:2.3:a:osgeo:gdal:3.13.0:beta1:*:*:*:*:*:* gdal == None == 3.13.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
gdal edge-community 3.13.0-r1 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.13.0-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.4-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.3-r4 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.3-r3 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.3-r2 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.3-r1 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.3-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.2-r3 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.2-r1 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.2-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.1-r3 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.1-r2 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.1-r1 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.1-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.12.0-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.5-r2 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.5-r1 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.5-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.4-r6 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.4-r5 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.4-r4 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.4-r3 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.4-r2 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.4-r1 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.4-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.3-r4 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.3-r3 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.3-r2 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.3-r1 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.3-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.1-r1 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.1-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.0-r4 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.0-r3 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.0-r2 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.11.0-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.10.3-r1 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.10.3-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.10.2-r2 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.10.2-r1 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.10.2-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.10.1-r3 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.10.1-r2 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.10.1-r1 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.10.1-r0 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal edge-community 3.10.0-r7 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable
gdal 3.23-community 3.11.5-r2 Holger Jaekel <holger.jaekel@gmx.de> possibly vulnerable