Nixpkgs security tracker

Login with GitHub

Suggestion detail

Untriaged
Permalink CVE-2026-8086
5.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): Low (L)
  • Availability (A): Low (L)
  • Exploit Code Maturity (E): Proof-of-Concept (P)
  • Remediation Level (RL): Official Fix (O)
  • Report Confidence (RC): Confirmed (C)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): Low (L)
updated 2 weeks, 3 days ago by @LeSuisse Activity log
  • Created suggestion 2 weeks, 3 days ago
  • @LeSuisse ignored
    3 packages
    • haskellPackages.hgdal
    • ocamlPackages.gdal
    • ocamlPackages_latest.gdal
    2 weeks, 3 days ago
OSGeo gdal SWapi.c SWnentries heap-based overflow

A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. Upgrading to version 3.12.4RC1 is capable of addressing this issue. The name of the patch is 9491e794f1757f08063ea2f7a274ad2994afa636. It is advisable to upgrade the affected component.

Affected products

gdal
  • ==3.12.4RC1
  • ==3.13.0dev-4

Matching in nixpkgs

pkgs.gdal

Translator library for raster geospatial data formats

Ignored packages (3)

Package maintainers