CVE-2026-8213
Published 2026-05-09
Priority: P4 · 29 · medium · 5.5 (CVSS 3.1)
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.26% (17.1th percentile)
A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 3.13.0RC1 can resolve this issue. The identifier of the patch is 3e04c0385630e4d42517046d9a4967dfccfeb7fd. It is suggested to upgrade the affected component.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| osgeo | gdal | <= 3.12.4 | — |
| osgeo | gdal | — | — |
| osgeo | gdal | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| nvd | v4.0 | 1.9 | LOW | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 4.3 | MEDIUM | AV:L/AC:L/Au:S/C:P/I:P/A:P |
GHSA
GHSA-8q76-c96g-j64j: A vulnerability has been found in OSGeo gdal up to 3
ghsa_unreviewed·2026-05-10
CVE-2026-8213 [LOW] CWE-119 GHSA-8q76-c96g-j64j: A vulnerability has been found in OSGeo gdal up to 3
A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 3.13.0RC1 can resolve this issue. The identifier of the patch is 3e04c0385630e4d42517046d9a4967dfccfeb7fd. It is suggested to upgrade the affected component.
VulDB
OSGeo gdal up to 3.13.0dev-4 Grid File GDapi.c GDSDfldsrch heap-based overflow (Issue 14399 / EUVD-2026-28949)
vuldb·2026-05-09·CVSS 1.9
CVE-2026-8213 [LOW] OSGeo gdal up to 3.13.0dev-4 Grid File GDapi.c GDSDfldsrch heap-based overflow (Issue 14399 / EUVD-2026-28949)
A vulnerability marked as critical has been reported in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow.
This vulnerability is traded as CVE-2026-8213. An attack has to be approached locally. Furthermore, there is an exploit available.
It is suggested to upgrade the affected component.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/OSGeo/gdal/
https://github.com/OSGeo/gdal/commit/3e04c0385630e4d42517046d9a4967dfccfeb7fd
https://github.com/OSGeo/gdal/issues/14399
https://github.com/OSGeo/gdal/releases/tag/v3.13.0RC1
https://github.com/biniamf/pocs/tree/main/gdal-gdsdfldsrch_oob-read
https://vuldb.com/submit/808128
https://vuldb.com/vuln/362430
https://vuldb.com/vuln/362430/cti