CVE-2026-8213
OSGeo gdal Grid File GDapi.c GDSDfldsrch heap-based overflow
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
2th
A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 3.13.0RC1 can resolve this issue. The identifier of the patch is 3e04c0385630e4d42517046d9a4967dfccfeb7fd. It is suggested to upgrade the affected component.
| CWE | CWE-122 CWE-119 |
| Vendor | osgeo |
| Product | gdal |
| Published | May 9, 2026 |
| Last Updated | May 11, 2026 |
Stay Ahead of the Next One
Get instant alerts for osgeo gdal
Be the first to know when new medium vulnerabilities affecting osgeo gdal are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
OSGeo / gdal
3.13.0dev-4
References
vuldb.com: https://vuldb.com/vuln/362430 vuldb.com: https://vuldb.com/vuln/362430/cti vuldb.com: https://vuldb.com/submit/808128 github.com: https://github.com/OSGeo/gdal/issues/14399 github.com: https://github.com/biniamf/pocs/tree/main/gdal-gdsdfldsrch_oob-read github.com: https://github.com/OSGeo/gdal/commit/3e04c0385630e4d42517046d9a4967dfccfeb7fd github.com: https://github.com/OSGeo/gdal/releases/tag/v3.13.0RC1 github.com: https://github.com/OSGeo/gdal/
Credits
๐ biniam (VulDB User)