CVE-2026-8084 - Vulnerability Analysis
LowCVSS: 3.3Last Updated: May 8, 2026
OSGeo gdal - Out of Bounds Read
Published: May 7, 2026Updated: May 8, 2026PoC Available
Overview
OSGeo gdal <= 3.13.0dev-4 contains an out-of-bounds read caused by improper handling in memmove function of HDF-EOS Grid File Handler, letting local attackers read memory out-of-bounds, exploit requires local access.
Severity & Score
Severity: Low
CVSS Score: 3.3
Impact
Local attackers can read out-of-bounds memory, potentially exposing sensitive information or causing application crashes.
Mitigation
Upgrade to version 3.13.0RC1 or later.
References
- https://github.com/OSGeo/gdal/commit/a791f70f8eaec540974ec989ca6fb00266b7646c
- https://github.com/OSGeo/gdal/issues/14378
- https://vuldb.com/submit/808034
- https://github.com/OSGeo/gdal/releases/tag/v3.13.0RC1
- https://github.com/biniamf/pocs/blob/main/gdal_swfinfo_dimlist_oob-rw
- https://github.com/biniamf/pocs/tree/main/gdal_swfinfo_dimlist_oob-rw
- https://vuldb.com/vuln/361838
- https://vuldb.com/vuln/361838/cti
- https://github.com/OSGeo/gdal/
Related Resources
Details
- CVE ID
- CVE-2026-8084
- Severity
- Low
- CVSS Score
- 3.3
- Type
- out_of_bounds_rw
- Status
- confirmed
CWE
- CWE-119
CVSS Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L