UBUNTU-CVE-2026-8213

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2026-8213

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-8213.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-8213

Upstream

CVE-2026-8213

Published

2026-05-09T23:16:00Z

Modified

2026-05-29T10:45:31.250476481Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
1.9 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 3.13.0RC1 can resolve this issue. The identifier of the patch is 3e04c0385630e4d42517046d9a4967dfccfeb7fd. It is suggested to upgrade the affected component.

References

Affected packages

Ubuntu:18.04:LTS

gdal

Package

Name: gdal
Purl: pkg:deb/ubuntu/gdal?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.1+dfsg-2build3

2.2.1+dfsg-2build5

2.2.2+dfsg-2build1

2.2.3+dfsg-1

2.2.3+dfsg-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2.2.3+dfsg-2",
            "binary_name": "gdal-bin"
        },
        {
            "binary_version": "2.2.3+dfsg-2",
            "binary_name": "gdal-data"
        },
        {
            "binary_version": "2.2.3+dfsg-2",
            "binary_name": "libgdal-java"
        },
        {
            "binary_version": "2.2.3+dfsg-2",
            "binary_name": "libgdal-perl"
        },
        {
            "binary_version": "2.2.3+dfsg-2",
            "binary_name": "libgdal20"
        },
        {
            "binary_version": "2.2.3+dfsg-2",
            "binary_name": "python-gdal"
        },
        {
            "binary_version": "2.2.3+dfsg-2",
            "binary_name": "python3-gdal"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-8213.json"

Ubuntu:20.04:LTS

gdal

Package

Name: gdal
Purl: pkg:deb/ubuntu/gdal?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.4.2+dfsg-1build2

2.4.2+dfsg-1build4

2.4.2+dfsg-2

2.4.3+dfsg-1

3.*

3.0.4+dfsg-1

3.0.4+dfsg-1build1

3.0.4+dfsg-1build2

3.0.4+dfsg-1build3

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "3.0.4+dfsg-1build3",
            "binary_name": "gdal-bin"
        },
        {
            "binary_version": "3.0.4+dfsg-1build3",
            "binary_name": "gdal-data"
        },
        {
            "binary_version": "3.0.4+dfsg-1build3",
            "binary_name": "libgdal-java"
        },
        {
            "binary_version": "3.0.4+dfsg-1build3",
            "binary_name": "libgdal-perl"
        },
        {
            "binary_version": "3.0.4+dfsg-1build3",
            "binary_name": "libgdal26"
        },
        {
            "binary_version": "3.0.4+dfsg-1build3",
            "binary_name": "python3-gdal"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-8213.json"

Ubuntu:22.04:LTS

gdal

Package

Name: gdal
Purl: pkg:deb/ubuntu/gdal?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.2.2+dfsg-3ubuntu2

3.4.0+dfsg-1

3.4.1+dfsg-1

3.4.1+dfsg-1build1

3.4.1+dfsg-1build3

3.4.1+dfsg-1build4

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "3.4.1+dfsg-1build4",
            "binary_name": "gdal-bin"
        },
        {
            "binary_version": "3.4.1+dfsg-1build4",
            "binary_name": "gdal-data"
        },
        {
            "binary_version": "3.4.1+dfsg-1build4",
            "binary_name": "libgdal-perl"
        },
        {
            "binary_version": "3.4.1+dfsg-1build4",
            "binary_name": "libgdal30"
        },
        {
            "binary_version": "3.4.1+dfsg-1build4",
            "binary_name": "python3-gdal"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-8213.json"

Ubuntu:24.04:LTS

gdal

Package

Name: gdal
Purl: pkg:deb/ubuntu/gdal?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.7.1+dfsg-1build1

3.8.0+dfsg-1

3.8.1+dfsg-1build1

3.8.2+dfsg-1

3.8.3+dfsg-1

3.8.4+dfsg-1

3.8.4+dfsg-3ubuntu2

3.8.4+dfsg-3ubuntu3

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "3.8.4+dfsg-3ubuntu3",
            "binary_name": "gdal-bin"
        },
        {
            "binary_version": "3.8.4+dfsg-3ubuntu3",
            "binary_name": "gdal-data"
        },
        {
            "binary_version": "3.8.4+dfsg-3ubuntu3",
            "binary_name": "gdal-plugins"
        },
        {
            "binary_version": "3.8.4+dfsg-3ubuntu3",
            "binary_name": "libgdal34t64"
        },
        {
            "binary_version": "3.8.4+dfsg-3ubuntu3",
            "binary_name": "python3-gdal"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-8213.json"

Ubuntu:25.10

gdal

Package

Name: gdal
Purl: pkg:deb/ubuntu/gdal?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.10.2+dfsg-1build3

3.10.3+dfsg-1

3.10.3+dfsg-1build1

3.10.3+dfsg-1build2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "3.10.3+dfsg-1build2",
            "binary_name": "gdal-bin"
        },
        {
            "binary_version": "3.10.3+dfsg-1build2",
            "binary_name": "gdal-data"
        },
        {
            "binary_version": "3.10.3+dfsg-1build2",
            "binary_name": "gdal-plugins"
        },
        {
            "binary_version": "3.10.3+dfsg-1build2",
            "binary_name": "libgdal36"
        },
        {
            "binary_version": "3.10.3+dfsg-1build2",
            "binary_name": "python3-gdal"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-8213.json"

Ubuntu:26.04:LTS

gdal

Package

Name: gdal
Purl: pkg:deb/ubuntu/gdal?arch=source&distro=resolute

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.10.3+dfsg-1build2

3.10.3+dfsg-1build3

3.11.4+dfsg-1

3.12.0+dfsg-1

3.12.1+dfsg-1

3.12.2+dfsg-1

3.12.2+dfsg-1build1

3.12.2+dfsg-1build2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "3.12.2+dfsg-1build2",
            "binary_name": "gdal-bin"
        },
        {
            "binary_version": "3.12.2+dfsg-1build2",
            "binary_name": "gdal-data"
        },
        {
            "binary_version": "3.12.2+dfsg-1build2",
            "binary_name": "gdal-plugins"
        },
        {
            "binary_version": "3.12.2+dfsg-1build2",
            "binary_name": "libgdal38"
        },
        {
            "binary_version": "3.12.2+dfsg-1build2",
            "binary_name": "python3-gdal"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-8213.json"

Ubuntu:Pro:14.04:LTS

gdal

Package

Name: gdal
Purl: pkg:deb/ubuntu/gdal?arch=source&distro=esm-infra-legacy%2Ftrusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.9.0-3.1ubuntu4

1.9.0-3.1ubuntu6

1.10.1+dfsg-2

1.10.1+dfsg-2build1

1.10.1+dfsg-3

1.10.1+dfsg-3build1

1.10.1+dfsg-3build2

1.10.1+dfsg-3ubuntu1

1.10.1+dfsg-3ubuntu2

1.10.1+dfsg-5ubuntu1

1.10.1+dfsg-5ubuntu1+esm1

1.10.1+dfsg-5ubuntu1+esm2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1.10.1+dfsg-5ubuntu1+esm2",
            "binary_name": "gdal-bin"
        },
        {
            "binary_version": "1.10.1+dfsg-5ubuntu1+esm2",
            "binary_name": "libgdal-java"
        },
        {
            "binary_version": "1.10.1+dfsg-5ubuntu1+esm2",
            "binary_name": "libgdal-perl"
        },
        {
            "binary_version": "1.10.1+dfsg-5ubuntu1+esm2",
            "binary_name": "libgdal1h"
        },
        {
            "binary_version": "1.10.1+dfsg-5ubuntu1+esm2",
            "binary_name": "python-gdal"
        },
        {
            "binary_version": "1.10.1+dfsg-5ubuntu1+esm2",
            "binary_name": "python3-gdal"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-8213.json"

Ubuntu:Pro:16.04:LTS

gdal

Package

Name: gdal
Purl: pkg:deb/ubuntu/gdal?arch=source&distro=esm-apps-legacy%2Fxenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.11.2+dfsg-3ubuntu3

1.11.2+dfsg-3ubuntu4

1.11.3+dfsg-2build1

1.11.3+dfsg-2build2

1.11.3+dfsg-2build3

1.11.3+dfsg-3

1.11.3+dfsg-3build1

1.11.3+dfsg-3build2

1.11.3+dfsg-3ubuntu0.1~esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1.11.3+dfsg-3ubuntu0.1~esm1",
            "binary_name": "gdal-bin"
        },
        {
            "binary_version": "1.11.3+dfsg-3ubuntu0.1~esm1",
            "binary_name": "libgdal-java"
        },
        {
            "binary_version": "1.11.3+dfsg-3ubuntu0.1~esm1",
            "binary_name": "libgdal-perl"
        },
        {
            "binary_version": "1.11.3+dfsg-3ubuntu0.1~esm1",
            "binary_name": "libgdal1i"
        },
        {
            "binary_version": "1.11.3+dfsg-3ubuntu0.1~esm1",
            "binary_name": "python-gdal"
        },
        {
            "binary_version": "1.11.3+dfsg-3ubuntu0.1~esm1",
            "binary_name": "python3-gdal"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-8213.json"