PT-2026-38559 · Osgeo · Gdal

Biniam · Published 2026-05-07 · Updated 2026-05-11 · CVE-2026-8087

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

OSGeo gdal versions prior to 3.13.0RC1

Description

A heap-based buffer overflow occurs in the GDnentries() function within the frmts/hdf4/hdf-eos/GDapi.c file. The issue is triggered by manipulating the DataFieldName argument, and the attack must be initiated locally.

Recommendations

Upgrade to version 3.13.0RC1.

Exploit

Fix

Buffer Overflow

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

BIT-GDAL-2026-8087
CVE-2026-8087
ECHO-2FEA-EB73-2884
GHSA-H9RH-5FFH-H669

Affected Products

Gdal