Vulnerabilities ›

CVE-2026-8087

Medium

CWE-119 — Weakness Type

                    Published: May 7, 2026                      ·  Modified: May 8, 2026                      ·  Source: NVD                

CVSS v3

5.3

🔗 NVD Official

📄 Description (English)

A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. Upgrading to version 3.13.0RC1 is recommended to address this issue. The patch is named 184f77dbcc74118c062c05e464c88161d3c37b9b. You should upgrade the affected component.

🤖 AI Executive Summary

A heap-based buffer overflow vulnerability exists in OSGeo GDAL up to version 3.13.0dev-4 in the GDnentries function when processing manipulated DataFieldName arguments. Local attackers can exploit this flaw to cause denial of service or potentially execute arbitrary code.

📄 Description (Arabic)

ثغرة تجاوز المخزن المؤقت القائمة على الكومة في دالة GDnentries بملف frmts/hdf4/hdf-eos/GDapi.c في مكتبة OSGeo GDAL. يمكن للمهاجمين المحليين استغلال هذه الثغرة من خلال معالجة معاملات DataFieldName المعدلة بشكل خاص. الاستغلال متاح للجمهور وقد يؤدي إلى رفض الخدمة أو تنفيذ أكواد عشوائية.

🤖 ملخص تنفيذي (AI)

🤖 AI Intelligence Analysis Analyzed: May 30, 2026 05:03

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

government energy healthcare

🎯 MITRE ATT&CK Techniques

T1190 T1068 T1499

⚖️ Saudi Risk Score (AI)

5.0

/ 10.0

🔧 Remediation Steps (English)

Upgrade OSGeo GDAL to version 3.13.0RC1 or later immediately. Apply patch 184f77dbcc74118c062c05e464c88161d3c37b9b. Restrict local access to systems running vulnerable GDAL versions. Monitor for suspicious file processing activities involving HDF4 data formats.

🔧 خطوات المعالجة (العربية)

قم بترقية مكتبة OSGeo GDAL إلى الإصدار 3.13.0RC1 أو أحدث فوراً. طبق التصحيح 184f77dbcc74118c062c05e464c88161d3c37b9b. قيد الوصول المحلي للأنظمة التي تقوم بتشغيل إصدارات GDAL المعرضة للخطر. راقب الأنشطة المريبة المتعلقة بمعالجة الملفات بصيغ بيانات HDF4.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.12.6.1 A.14.2.1

🔵 SAMA CSF

ID.RA-1 PR.IP-12

🟡 ISO 27001:2022

A.12.6.1 A.14.2.1 A.14.2.5

🔗 References & Sources 8

🔗

https://github.com/OSGeo/gdal/

cna@vuldb.com

🔗

https://github.com/OSGeo/gdal/commit/184f77dbcc74118c062c05e464c88161d3c37b9b

cna@vuldb.com

🔗

https://github.com/OSGeo/gdal/issues/14363

cna@vuldb.com

🔗

https://github.com/OSGeo/gdal/releases/tag/v3.13.0RC1

cna@vuldb.com

🔗

https://github.com/biniamf/pocs/tree/main/gdal-gdinqfields_bof

cna@vuldb.com

🔗

https://vuldb.com/submit/808039

cna@vuldb.com

🔗

https://vuldb.com/vuln/361840

cna@vuldb.com

🔗

https://vuldb.com/vuln/361840/cti

cna@vuldb.com

📊 CVSS Score

5.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity Medium

CVSS Score5.3

CWECWE-119

EPSS0.02%

Exploit No

Patch ✗ No

Published 2026-05-07

Source Feed nvd

🇸🇦 Saudi Risk Score

5.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

CWE-119

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-8087

💬 Comments

Introduce Yourself

Sign In Required