CVE-2026-8086
OSGeo gdal SWapi.c SWnentries heap-based overflow
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. Upgrading to version 3.12.4RC1 is capable of addressing this issue. The name of the patch is 9491e794f1757f08063ea2f7a274ad2994afa636. It is advisable to upgrade the affected component.
| CWE | CWE-122 CWE-119 |
| Vendor | osgeo |
| Product | gdal |
| Published | May 7, 2026 |
| Last Updated | May 7, 2026 |
Stay Ahead of the Next One
Get instant alerts for osgeo gdal
Be the first to know when new medium vulnerabilities affecting osgeo gdal are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
OSGeo / gdal
3.13.0dev-4
References
vuldb.com: https://vuldb.com/vuln/361839 vuldb.com: https://vuldb.com/vuln/361839/cti vuldb.com: https://vuldb.com/submit/808038 github.com: https://github.com/OSGeo/gdal/issues/14356 github.com: https://github.com/OSGeo/gdal/pull/14361 github.com: https://github.com/biniamf/pocs/tree/main/gdal-swinqdims_bof github.com: https://github.com/OSGeo/gdal/commit/9491e794f1757f08063ea2f7a274ad2994afa636 github.com: https://github.com/OSGeo/gdal/releases/tag/v3.12.4RC1 github.com: https://github.com/OSGeo/gdal/
Credits
๐ biniam (VulDB User)