CVE-2026-8088 - Vulnerability Analysis
LowCVSS: 3.3Last Updated: May 8, 2026
OSGeo gdal - Out of Bounds Read
Published: May 7, 2026Updated: May 8, 2026PoC Available
Overview
OSGeo gdal <= 3.13.0dev-4 contains an out-of-bounds read caused by improper handling in GDfieldinfo function in frmts/hdf4/hdf-eos/GDapi.c, letting local attackers read memory out of bounds, exploit requires local access.
Severity & Score
Severity: Low
CVSS Score: 3.3
Impact
Local attackers can read out-of-bounds memory, potentially leading to information disclosure or application crash.
Mitigation
Upgrade to version 3.13.0RC1 or later.
References
- https://github.com/OSGeo/gdal/
- https://github.com/OSGeo/gdal/commit/a791f70f8eaec540974ec989ca6fb00266b7646c
- https://github.com/OSGeo/gdal/issues/14379
- https://github.com/OSGeo/gdal/releases/tag/v3.13.0RC1
- https://github.com/biniamf/pocs/tree/main/gdal-gdapi-gdfinfo-dimlist-oob-read
- https://vuldb.com/submit/808040
- https://vuldb.com/vuln/361841
- https://vuldb.com/vuln/361841/cti
Related Resources
Details
- CVE ID
- CVE-2026-8088
- Severity
- Low
- CVSS Score
- 3.3
- Type
- out_of_bounds_rw
- Status
- confirmed
CWE
- CWE-119
CVSS Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L