CVE-2026-8212

MEDIUM 5.3

OSGeo gdal SWapi.c SWSDfldsrch heap-based overflow

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

2th

A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been published and may be used. Upgrading to version 3.13.0RC1 addresses this issue. This patch is called 3e04c0385630e4d42517046d9a4967dfccfeb7fd. The affected component should be upgraded.

CWE	CWE-122 CWE-119
Vendor	osgeo
Product	gdal
Published	May 9, 2026
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for osgeo gdal

Be the first to know when new medium vulnerabilities affecting osgeo gdal are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

OSGeo / gdal

3.13.0dev-4

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/362429 vuldb.com: https://vuldb.com/vuln/362429/cti vuldb.com: https://vuldb.com/submit/808127 github.com: https://github.com/OSGeo/gdal/issues/14398 github.com: https://github.com/biniamf/pocs/tree/main/gdal-swsdfldsrch_oob-read github.com: https://github.com/OSGeo/gdal/commit/3e04c0385630e4d42517046d9a4967dfccfeb7fd github.com: https://github.com/OSGeo/gdal/releases/tag/v3.13.0RC1 github.com: https://github.com/OSGeo/gdal/

Credits

🔍 biniam (VulDB User)