Vulnerability Description
A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. Upgrading to version 3.12.4RC1 is capable of addressing this issue. The name of the patch is 9491e794f1757f08063ea2f7a274ad2994afa636. It is advisable to upgrade the affected component.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Osgeo | Gdal | <= 3.12.4 |
Related Weaknesses (CWE)
References
- https://github.com/OSGeo/gdal/Product
- https://github.com/OSGeo/gdal/commit/9491e794f1757f08063ea2f7a274ad2994afa636Patch
- https://github.com/OSGeo/gdal/issues/14356ExploitIssue TrackingPatch
- https://github.com/OSGeo/gdal/pull/14361Issue TrackingPatch
- https://github.com/OSGeo/gdal/releases/tag/v3.12.4RC1Release Notes
- https://github.com/biniamf/pocs/tree/main/gdal-swinqdims_bofExploitThird Party Advisory
- https://vuldb.com/submit/808038ExploitThird Party AdvisoryVDB Entry
- https://vuldb.com/vuln/361839Third Party AdvisoryVDB Entry
- https://vuldb.com/vuln/361839/ctiPermissions RequiredVDB Entry
- https://github.com/OSGeo/gdal/issues/14356ExploitIssue TrackingPatch
- https://vuldb.com/submit/808038ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2026-8086?
CVE-2026-8086 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName leads...
How severe is CVE-2026-8086?
CVE-2026-8086 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-8086?
Check the references section above for vendor advisories and patch information. Affected products include: Osgeo Gdal.