HIGHVulnerability
Verified
Global

NVD HIGH: CVE-2026-8087 — A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is...

·Source: NIST NVD

Updated:

Executive Summary

A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. Upgrading to version 3.13.0RC1 is r

Analysis

A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. Upgrading to version 3.13.0RC1 is recommended to address this issue. The patch is named 184f77dbcc74118c062c05e464c88161d3c37b9b. You should upgrade the affected component. CVSS Score: 5.3. Published: 2026-05-07T20:16:45.343.

Indicators of Compromise (2)

SHA-1 (1)
184f77dbcc74118c062c05e464c88161d3c37b9b
VirusTotalAnyRunJoe Sandbox
CVE (1)
CVE-2026-8087
NVDMITRE CVE
Source Attribution

Originally published by NIST NVD on May 7, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerabilityNEW

Deutsche Bank joins $120m funding round for crypto analytics firm Elliptic

Cryptocurrency and blockchain surveillance and analytics specialist Elliptic has raised $120 million in a Series D funding round led by One Peak, with participation from Nasdaq Ventures, Deutsche Bank and the British Business Bank.

Finextra
MEDIUMVulnerabilityNEW

Paybis secures MiCA and PSD2 licences

Paybis, a trusted cryptocurrency platform serving 7 million people, today joins a small club of global crypto platforms to have received authorisation as a Crypto Asset Service Provider (CASP) under the EU’s Markets in Crypto-Assets regulation (MiCA), alongside receiving a Payment Institution (PI) licence under PSD2 simultaneously, on the same day.

Finextra
CRITICALVulnerability

73 Seconds to Breach, 24 Hours to Patch: The Case for Autonomous Validation

Attackers can compromise systems in minutes while patching and response still take hours or days. Picus Security breaks down why autonomous validation is becoming critical for modern defense strategies. [...]

BleepingComputer