OSGeo GDAL vulnerable to heap-based buffer overflow — CVE-2026-8087
ID: CVE-2026-8087
Source: GitHub
Vendor: GitHub
Threat: low
CVSS: 1.9
EPSS: 0.00023
Summary
A security flaw has been discovered in OSGeo GDAL up to 3.13.0dev-4. The affected code is the function GDnentries in the file frmts/hdf4/hdf-eos/GDapi.c. Manipulating the argument DataFieldName results in a heap-based buffer overflow. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. Upgrading to version 3.13.0RC1 is recommended to…
Product
pip: GDAL
What to do
General, cautious steps (verify details in the official source):
- Review exposure and plan remediation based on risk and environment.
- Identify affected product versions in your inventory and verify whether you are impacted.
- Apply vendor patches/updates or recommended mitigations as soon as available.
- Read the official advisory for exact affected versions and remediation steps.