JLSEC-2026-770

Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-770.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-770.json
JSON Data
https://api.osv.dev/v1/vulns/JLSEC-2026-770
Upstream
  • EUVD-2026-28436
Published
2026-07-15T21:25:44.755Z
Modified
2026-07-18T00:02:23.446190105Z
Severity
  • 1.7 (Low) CVSS_V2 - AV:L/AC:L/Au:S/C:N/I:N/A:P CVSS Calculator
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
  • 1.9 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
Summary
OSGeo GDAL vulnerable to out-of-bounds read
Details

A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. Upgrading to version 3.13.0RC1 is sufficient to fix this issue. This patch is called a791f70f8eaec540974ec989ca6fb00266b7646c. The affected component should be upgraded.

Database specific
{
    "sources": [
        {
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-8088",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8088",
            "id": "CVE-2026-8088",
            "modified": "2026-06-17T11:03:28.350Z",
            "imported": "2026-07-17T22:39:16.613Z",
            "published": "2026-05-07T20:16:45.510Z",
            "database_specific": {
                "status": "Analyzed"
            }
        },
        {
            "html_url": "https://github.com/advisories/GHSA-j3f5-rw74-g4rv",
            "published": "2026-05-07T21:30:30Z",
            "url": "https://api.github.com/advisories/GHSA-j3f5-rw74-g4rv",
            "imported": "2026-07-17T22:39:16.791Z",
            "id": "GHSA-j3f5-rw74-g4rv",
            "modified": "2026-05-12T16:29:30Z"
        },
        {
            "url": "https://euvdservices.enisa.europa.eu/api/enisaid?id=EUVD-2026-28436",
            "html_url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-28436",
            "id": "EUVD-2026-28436",
            "imported": "2026-07-17T22:39:26.550Z",
            "published": "2026-05-07T19:30:11Z",
            "modified": "2026-05-08T21:30:21Z"
        }
    ],
    "license": "CC-BY-4.0"
}
References

Affected packages

Julia / GDAL_jll

Package

Name
GDAL_jll
Purl
pkg:julia/GDAL_jll?uuid=a7073274-a066-55f0-b90d-d619367d196c

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
305.1300.0+0

Database specific

source
"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-770.json"