PT-2026-38556 · Osgeo · Gdal

Biniam · Published 2026-05-07 · Updated 2026-05-11 · CVE-2026-8086

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

OSGeo gdal versions prior to 3.12.4RC1

Description

A heap-based buffer overflow occurs in the SWnentries() function within the frmts/hdf4/hdf-eos/SWapi.c file. This issue is triggered by the manipulation of the DimensionName argument and requires local access to be exploited.

Recommendations

Upgrade to version 3.12.4RC1.

Exploit

Fix

Buffer Overflow

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

BIT-GDAL-2026-8086
CVE-2026-8086
ECHO-D971-6867-258C

Affected Products

Gdal