CVE-2026-8212
published 2026-05-09
CVE-2026-8212: A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c…
Priority P427 · medium · 5.5 (CVSS 3.1)
AV:L / AC:L / PR:L / UI:N / S:U / C:N / I:N / A:H
EPSS: 0.21% (10.5th percentile)
A flaw has been found in OSGeo gdal up to 3.13.0dev-4. It affects the function SWSDfldsrch in the file frmts/hdf4/hdf-eos/SWapi.c. Manipulation can lead to a heap-based buffer overflow. The attack requires local access. The exploit has been published and may be used. Upgrading to version 3.13.0RC1 addresses this issue. The patch is commit 3e04c0385630e4d42517046d9a4967dfccfeb7fd. The affected component should be upgraded.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| osgeo | gdal | <= 3.12.4 | — |
| osgeo | gdal | — | — |
| osgeo | gdal | — | — |
| osgeo | gdal | >= 0 < 3.13.0RC1 | 3.13.0RC1 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| nvd | v4.0 | 1.9 | LOW | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 4.3 | MEDIUM | AV:L/AC:L/Au:S/C:P/I:P/A:P |
GHSA
OSGeo gdal has a heap-based buffer overflow
ghsa·2026-05-10
CVE-2026-8212 [LOW] CWE-119 OSGeo gdal has a heap-based buffer overflow
A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been published and may be used. Upgrading to version 3.13.0RC1 addresses this issue. This patch commit sha is 3e04c0385630e4d42517046d9a4967dfccfeb7fd. The affected component should be upgraded.
GHSA
GHSA-r5m4-5vww-w9f5: A flaw has been found in OSGeo gdal up to 3
ghsa_unreviewed·2026-05-10
CVE-2026-8212 [LOW] CWE-119 GHSA-r5m4-5vww-w9f5: A flaw has been found in OSGeo gdal up to 3
VulDB
OSGeo gdal up to 3.13.0dev-4 SWapi.c SWSDfldsrch heap-based overflow (Issue 14398 / EUVD-2026-28948)
vuldb·2026-05-09·CVSS 1.9
CVE-2026-8212 [LOW] OSGeo gdal up to 3.13.0dev-4 SWapi.c SWSDfldsrch heap-based overflow (Issue 14398 / EUVD-2026-28948)
A vulnerability labeled as critical has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow.
This vulnerability appears as CVE-2026-8212. The attack requires local access. In addition, an exploit is available.
The affected component should be upgraded.
https://github.com/OSGeo/gdal/
https://github.com/OSGeo/gdal/commit/3e04c0385630e4d42517046d9a4967dfccfeb7fd
https://github.com/OSGeo/gdal/issues/14398
https://github.com/OSGeo/gdal/releases/tag/v3.13.0RC1
https://github.com/biniamf/pocs/tree/main/gdal-swsdfldsrch_oob-read
https://vuldb.com/submit/808127
https://vuldb.com/vuln/362429
https://vuldb.com/vuln/362429/cti
Published: 2026-05-09