CVE-2026-8084

import sys from osgeo import gdal # PoC for CVE-2026-8084 # This script attempts to trigger the out-of-bounds read # by opening a crafted HDF-EOS file. filename = 'poc_cve_2026_8084.hdf' try: # Trigger the vulnerability in SWapi.c memmove ds = gdal.Open(filename) if ds is not None: print("File opened successfully, checking data...") # Accessing metadata might trigger the specific code path metadata = ds.GetMetadata() print(metadata) else: print("Failed to open file.") except Exception as e: print(f"An error occurred (likely crash or exception): {e}")

{"cve": {"id": "CVE-2026-8084", "sourceIdentifier": "[email protected]", "published": "2026-05-07T19:16:02.950", "lastModified": "2026-05-08T20:11:59.013", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes out-of-bounds read. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. Upgrading to version 3.13.0RC1 is able to resolve this issue. Patch name: a791f70f8eaec540974ec989ca6fb00266b7646c. Upgrading the affected component is advised."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 1.9, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "baseScore": 3.3, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.8, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "baseScore": 1.7, "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL"}, "baseSeverity": "LOW", "exploitabilityScore": 3.1, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-125"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*", "versionEndIncluding": "3.12.4", "matchCriteriaId": "42C34F23-189A-408C-B8DF-A7CD215EDB9D"}, {"vulnerable": true, "criteria": "cpe:2.3:a:osgeo:gdal:3.13.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "CBBA367E-AC85-4772-9522-12C10B9794EB"}, {"vulnerable": true, "criteria": "cpe:2.3:a:osgeo:gdal:3.13.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "A2E18623-F659-4CD5-8252-3F79C065A8CA"}]}]}], "references": [{"url": "https://github.com/OSGeo/gdal/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/OSGeo/gdal/commit/a791f70f8eaec540974ec989ca6fb00266b7646c", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/OSGeo/gdal/issues/14378", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"]}, {"url": "https://github.com/OSGeo/gdal/releases/tag/v3.13.0RC1", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://github. ... (truncated)