CVE-2026-8212

Sažetak

A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been published and may be used. Upgrading to version 3.13.0RC1 addresses this issue. This patch is called 3e04c0385630e4d42517046d9a4967dfccfeb7fd. The affected component should be upgraded.

Reference

https://github.com/OSGeo/gdal/
https://github.com/OSGeo/gdal/commit/3e04c0385630e4d42517046d9a4967dfccfeb7fd
https://github.com/OSGeo/gdal/issues/14398
https://github.com/OSGeo/gdal/releases/tag/v3.13.0RC1
https://github.com/biniamf/pocs/tree/main/gdal-swsdfldsrch_oob-read
https://vuldb.com/submit/808127
https://vuldb.com/vuln/362429
https://vuldb.com/vuln/362429/cti

CVSS

Base:	4.3
Impact:	6.4
Exploitability:	3.1

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

13-05-2026 - 15:31

Objavljeno

09-05-2026 - 23:16