CVE-2026-8084

Source
https://cve.org/CVERecord?id=CVE-2026-8084
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-8084.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-8084
Aliases
Downstream
Published
2026-05-07T18:30:13.275Z
Modified
2026-07-08T08:13:52.572143895Z
Severity
  • 1.9 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
OSGeo gdal HDF-EOS Grid File SWapi.c memmove out-of-bounds
Details

A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes out-of-bounds read. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. Upgrading to version 3.13.0RC1 is able to resolve this issue. Patch name: a791f70f8eaec540974ec989ca6fb00266b7646c. Upgrading the affected component is advised.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "3.13.0dev-4"
                },
                {
                    "last_affected": "3.13.0dev-4"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/8xxx/CVE-2026-8084.json",
    "cna_assigner": "VulDB",
    "cwe_ids": [
        "CWE-119",
        "CWE-125"
    ]
}
References

Affected packages

Git / github.com/osgeo/gdal

Affected ranges

Type
GIT
Repo
https://github.com/osgeo/gdal
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Introduced
Fixed
Database specific
{
    "source": [
        "CPE_RANGE",
        "CPE_STRING",
        "REFERENCES"
    ],
    "cpe": [
        "cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:osgeo:gdal:3.13.0:beta1:*:*:*:*:*:*",
        "cpe:2.3:a:osgeo:gdal:3.13.0:beta2:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.12.4"
        },
        {
            "introduced": "3.13.0-beta1"
        },
        {
            "last_affected": "3.13.0-beta1"
        },
        {
            "introduced": "3.13.0-beta2"
        },
        {
            "last_affected": "3.13.0-beta2"
        }
    ]
}

Affected versions

3.*
3.13.0-beta1
3.13.0-beta2
v3.*
v3.13.0beta1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-8084.json"