6 matches found
EUVD-2026-28435
A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer overflow. The attack must be initiated from a local position. The...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the GDnentries function. An attacker can execute arbitrary code or cause a denial of service by providing a specially crafted DataFieldName argument. Remediation A fix was pushed into the master branch but...
CVE-2026-8087
A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer overflow. The attack must be initiated from a local position. The...
CVE-2026-8087 OSGeo gdal GDapi.c GDnentries heap-based overflow
A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer overflow. The attack must be initiated from a local position. The...
CVE-2026-8087
Summary: CVE-2026-8087 affects OSGeo GDAL up to 3.13.0dev-4. The vulnerable component is the function GDnentries in frmts/hdf4/hdf-eos/GDapi.c, where manipulating the DataFieldName argument triggers a heap-based buffer overflow. The issue requires local access and, per connected sources, the expl...
PT-2026-38559
Name of the Vulnerable Software and Affected Versions OSGeo gdal versions prior to 3.13.0RC1 Description A heap-based buffer overflow occurs in the GDnentries function within the frmts/hdf4/hdf-eos/GDapi.c file. This issue is triggered by manipulating the DataFieldName argument and requires the...