CVE-2026-8084

LOW 3.3

OSGeo gdal HDF-EOS Grid File SWapi.c memmove out-of-bounds

CVSS Score

3.3

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes out-of-bounds read. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. Upgrading to version 3.13.0RC1 is able to resolve this issue. Patch name: a791f70f8eaec540974ec989ca6fb00266b7646c. Upgrading the affected component is advised.

CWE	CWE-125 CWE-119
Vendor	osgeo
Product	gdal
Published	May 7, 2026

Stay Ahead of the Next One

Get instant alerts for osgeo gdal

Be the first to know when new low vulnerabilities affecting osgeo gdal are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

OSGeo / gdal

3.13.0dev-4

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/361838 vuldb.com: https://vuldb.com/vuln/361838/cti vuldb.com: https://vuldb.com/submit/808034 github.com: https://github.com/biniamf/pocs/tree/main/gdal_swfinfo_dimlist_oob-rw github.com: https://github.com/OSGeo/gdal/issues/14378 github.com: https://github.com/biniamf/pocs/blob/main/gdal_swfinfo_dimlist_oob-rw github.com: https://github.com/OSGeo/gdal/commit/a791f70f8eaec540974ec989ca6fb00266b7646c github.com: https://github.com/OSGeo/gdal/releases/tag/v3.13.0RC1 github.com: https://github.com/OSGeo/gdal/

Credits

🔍 biniam (VulDB User)