NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-8084

Summary	A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes out-of-bounds read. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. Upgrading to version 3.13.0RC1 is able to resolve this issue. Patch name: a791f70f8eaec540974ec989ca6fb00266b7646c. Upgrading the affected component is advised.
Publication Date	May 8, 2026, 4:16 a.m.
Registration Date	May 9, 2026, 4:10 a.m.
Last Update	May 8, 2026, 4:48 a.m.

CVSS3.1 : LOW
スコア	3.3
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	低
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	低

CVSS2.0 : LOW
Score	1.7
Vector	AV:L/AC:L/Au:S/C:N/I:N/A:P
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	単一
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/OSGeo/gdal/	cna@vuldb.com
2	https://github.com/OSGeo/gdal/commit/a791f70f8eaec540974ec989ca6fb00266b7646c	cna@vuldb.com
3	https://github.com/OSGeo/gdal/issues/14378	cna@vuldb.com
4	https://github.com/OSGeo/gdal/releases/tag/v3.13.0RC1	cna@vuldb.com
5	https://github.com/biniamf/pocs/blob/main/gdal_swfinfo_dimlist_oob-rw	cna@vuldb.com
6	https://github.com/biniamf/pocs/tree/main/gdal_swfinfo_dimlist_oob-rw	cna@vuldb.com
7	https://vuldb.com/submit/808034	cna@vuldb.com
8	https://vuldb.com/vuln/361838	cna@vuldb.com
9	https://vuldb.com/vuln/361838/cti	cna@vuldb.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html
2	CWE-125	境界外読み取り	https://cwe.mitre.org/data/definitions/125.html