CVE-2026-8087: Heap-based Buffer Overflow in OSGeo gdal
CVE-2026-8087 is a heap-based buffer overflow vulnerability in OSGeo gdal versions up to 3. 13. 0dev-4. The flaw exists in the GDnentries function within the file frmts/hdf4/hdf-eos/GDapi. c and can be triggered by manipulating the DataFieldName argument. Exploitation requires local access and no user interaction. A public exploit is available. Upgrading to version 3. 13. 0RC1, which includes a patch identified by commit 184f77dbcc74118c062c05e464c88161d3c37b9b, is recommended to mitigate this issue.
AI Analysis
Technical Summary
This vulnerability involves a heap-based buffer overflow in the GDnentries function of OSGeo gdal up to version 3.13.0dev-4. The issue arises from improper handling of the DataFieldName argument, allowing a local attacker to cause memory corruption. The vulnerability has a CVSS 4.8 (medium) score, reflecting local attack vector with low complexity and no required privileges beyond local access. A patch is available in version 3.13.0RC1, addressing the flaw.
Potential Impact
Successful exploitation can lead to heap memory corruption, potentially causing application crashes or other unintended behavior. Since the attack requires local access and no privileges beyond that, the impact is limited to local users. There is no indication of remote exploitation or privilege escalation from the provided data.
Mitigation Recommendations
Upgrade the affected OSGeo gdal component to version 3.13.0RC1 or later, which contains the official patch (commit 184f77dbcc74118c062c05e464c88161d3c37b9b) addressing this vulnerability. No other mitigation or temporary workaround is indicated in the available information.
CVE-2026-8087: Heap-based Buffer Overflow in OSGeo gdal
Description
CVE-2026-8087 is a heap-based buffer overflow vulnerability in OSGeo gdal versions up to 3. 13. 0dev-4. The flaw exists in the GDnentries function within the file frmts/hdf4/hdf-eos/GDapi. c and can be triggered by manipulating the DataFieldName argument. Exploitation requires local access and no user interaction. A public exploit is available. Upgrading to version 3. 13. 0RC1, which includes a patch identified by commit 184f77dbcc74118c062c05e464c88161d3c37b9b, is recommended to mitigate this issue.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves a heap-based buffer overflow in the GDnentries function of OSGeo gdal up to version 3.13.0dev-4. The issue arises from improper handling of the DataFieldName argument, allowing a local attacker to cause memory corruption. The vulnerability has a CVSS 4.8 (medium) score, reflecting local attack vector with low complexity and no required privileges beyond local access. A patch is available in version 3.13.0RC1, addressing the flaw.
Potential Impact
Successful exploitation can lead to heap memory corruption, potentially causing application crashes or other unintended behavior. Since the attack requires local access and no privileges beyond that, the impact is limited to local users. There is no indication of remote exploitation or privilege escalation from the provided data.
Mitigation Recommendations
Upgrade the affected OSGeo gdal component to version 3.13.0RC1 or later, which contains the official patch (commit 184f77dbcc74118c062c05e464c88161d3c37b9b) addressing this vulnerability. No other mitigation or temporary workaround is indicated in the available information.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-05-07T12:34:23.855Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69fce65acbff5d861023a2f6
Added to database: 5/7/2026, 7:22:02 PM
Last enriched: 5/7/2026, 7:36:36 PM
Last updated: 5/7/2026, 8:40:45 PM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.