CVE-2026-8212

MEDIUM

OSGeo gdal SWapi.c SWSDfldsrch heap-based overflow

Title source: cna

Description

A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been published and may be used. Upgrading to version 3.13.0RC1 addresses this issue. This patch is called 3e04c0385630e4d42517046d9a4967dfccfeb7fd. The affected component should be upgraded.

References (8)

Core 8

Core References

Vdb Entry, Technical Description vdb-entry technical-description

VDB-362429 | OSGeo gdal SWapi.c SWSDfldsrch heap-based overflow

https://vuldb.com/vuln/362429

Signature, Permissions Required signature permissions-required

VDB-362429 | CTI Indicators (IOB, IOC, IOA)

https://vuldb.com/vuln/362429/cti

Third Party Advisory third-party-advisory

Submit #808127 | OSGeo GDAL 3.13.0dev Out-of-Bounds Read

https://vuldb.com/submit/808127

Issue Tracking issue-tracking

https://github.com/OSGeo/gdal/issues/14398

Exploit exploit

https://github.com/biniamf/pocs/tree/main/gdal-swsdfldsrch_oob-read

View Exploit ZIP pw:eip

Patch patch

https://github.com/OSGeo/gdal/commit/3e04c0385630e4d42517046d9a4967dfccfeb7fd

View Patch ZIP pw:eip

Patch patch

https://github.com/OSGeo/gdal/releases/tag/v3.13.0RC1

Product product

https://github.com/OSGeo/gdal/

Scores

CVSS v3 5.3

EPSS 0.0021

EPSS Percentile 10.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-119 CWE-122 CWE-125

Status published

Products (5)

osgeo/gdal 3.13.0 beta1 (2 CPE variants)

osgeo/gdal < 3.12.4

OSGeo/gdal 3.13.0RC1

OSGeo/gdal 3.13.0dev-4

pypi/GDAL 0 - 3.13.0RC1PyPI

Published May 09, 2026

Tracked Since May 10, 2026