Home

Description

A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been published and may be used. Upgrading to version 3.13.0RC1 addresses this issue. This patch is called 3e04c0385630e4d42517046d9a4967dfccfeb7fd. The affected component should be upgraded.

PUBLISHED Reserved 2026-05-09 | Published 2026-05-09 | Updated 2026-05-09 | Assigner VulDB




MEDIUM: 4.8CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
MEDIUM: 5.3CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
MEDIUM: 5.3CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
4.3AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C

Problem types

Heap-based Buffer Overflow

Memory Corruption

Product status

3.13.0dev-4
affected

3.13.0RC1
unaffected

Timeline

2026-05-09:Advisory disclosed
2026-05-09:VulDB entry created
2026-05-09:VulDB entry last update

Credits

biniam (VulDB User) reporter

References

vuldb.com/vuln/362429 (VDB-362429 | OSGeo gdal SWapi.c SWSDfldsrch heap-based overflow) vdb-entry technical-description

vuldb.com/vuln/362429/cti (VDB-362429 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/submit/808127 (Submit #808127 | OSGeo GDAL 3.13.0dev Out-of-Bounds Read) third-party-advisory

github.com/OSGeo/gdal/issues/14398 issue-tracking

github.com/biniamf/pocs/tree/main/gdal-swsdfldsrch_oob-read exploit

github.com/...ommit/3e04c0385630e4d42517046d9a4967dfccfeb7fd patch

github.com/OSGeo/gdal/releases/tag/v3.13.0RC1 patch

github.com/OSGeo/gdal/ product

cve.org (CVE-2026-8212)

nvd.nist.gov (CVE-2026-8212)

Download JSON