Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-8084
PUBLISHED
More InfoOfficial Page
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
View Known Exploited Vulnerability (KEV) details
Published At-07 May, 2026 | 18:30
Updated At-07 May, 2026 | 18:30
Rejected At-
▼CVE Numbering Authority (CNA)
OSGeo gdal HDF-EOS Grid File SWapi.c memmove out-of-bounds

A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes out-of-bounds read. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. Upgrading to version 3.13.0RC1 is able to resolve this issue. Patch name: a791f70f8eaec540974ec989ca6fb00266b7646c. Upgrading the affected component is advised.

Affected Products
Vendor
OSGeo
Product
gdal
CPEs
  • cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*
Modules
  • HDF-EOS Grid File Handler
Versions
Affected
  • 3.13.0dev-4
Unaffected
  • 3.13.0RC1
Problem Types
TypeCWE IDDescription
CWECWE-125Out-of-Bounds Read
CWECWE-119Memory Corruption
Type: CWE
CWE ID: CWE-125
Description: Out-of-Bounds Read
Type: CWE
CWE ID: CWE-119
Description: Memory Corruption
Metrics
VersionBase scoreBase severityVector
4.04.8MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
3.03.3LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2.01.7N/A
AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
Version: 4.0
Base score: 4.8
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
Version: 3.0
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
Version: 2.0
Base score: 1.7
Base severity: N/A
Vector:
AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
biniam (VulDB User)
Timeline
EventDate
Advisory disclosed2026-05-07 00:00:00
VulDB entry created2026-05-07 02:00:00
VulDB entry last update2026-05-07 14:26:35
Event: Advisory disclosed
Date: 2026-05-07 00:00:00
Event: VulDB entry created
Date: 2026-05-07 02:00:00
Event: VulDB entry last update
Date: 2026-05-07 14:26:35
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/vuln/361838
vdb-entry
technical-description
https://vuldb.com/vuln/361838/cti
signature
permissions-required
https://vuldb.com/submit/808034
third-party-advisory
https://github.com/biniamf/pocs/tree/main/gdal_swfinfo_dimlist_oob-rw
exploit
https://github.com/OSGeo/gdal/issues/14378
issue-tracking
https://github.com/biniamf/pocs/blob/main/gdal_swfinfo_dimlist_oob-rw
exploit
https://github.com/OSGeo/gdal/commit/a791f70f8eaec540974ec989ca6fb00266b7646c
patch
https://github.com/OSGeo/gdal/releases/tag/v3.13.0RC1
patch
https://github.com/OSGeo/gdal/
product
Hyperlink: https://vuldb.com/vuln/361838
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/vuln/361838/cti
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/submit/808034
Resource:
third-party-advisory
Hyperlink: https://github.com/biniamf/pocs/tree/main/gdal_swfinfo_dimlist_oob-rw
Resource:
exploit
Hyperlink: https://github.com/OSGeo/gdal/issues/14378
Resource:
issue-tracking
Hyperlink: https://github.com/biniamf/pocs/blob/main/gdal_swfinfo_dimlist_oob-rw
Resource:
exploit
Hyperlink: https://github.com/OSGeo/gdal/commit/a791f70f8eaec540974ec989ca6fb00266b7646c
Resource:
patch
Hyperlink: https://github.com/OSGeo/gdal/releases/tag/v3.13.0RC1
Resource:
patch
Hyperlink: https://github.com/OSGeo/gdal/
Resource:
product
Details not found