Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/gdal@3.6.1
Typepypi
Namespace
Namegdal
Version3.6.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.13.1
Latest_non_vulnerable_version3.13.1
Affected_by_vulnerabilities
0
url VCID-1h42-g2r2-g3a2
vulnerability_id VCID-1h42-g2r2-g3a2
summary A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. Upgrading to version 3.13.0RC1 is sufficient to fix this issue. This patch is called a791f70f8eaec540974ec989ca6fb00266b7646c. The affected component should be upgraded.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-8088
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01494
published_at 2026-06-07T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01491
published_at 2026-06-06T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01483
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-8088
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8088
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8088
2
reference_url https://github.com/biniamf/pocs/tree/main/gdal-gdapi-gdfinfo-dimlist-oob-read
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-08T14:37:33Z/
url https://github.com/biniamf/pocs/tree/main/gdal-gdapi-gdfinfo-dimlist-oob-read
3
reference_url https://github.com/OSGeo/gdal
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/OSGeo/gdal
4
reference_url https://github.com/OSGeo/gdal/commit/a791f70f8eaec540974ec989ca6fb00266b7646c
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
3
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-08T14:37:33Z/
url https://github.com/OSGeo/gdal/commit/a791f70f8eaec540974ec989ca6fb00266b7646c
5
reference_url https://github.com/OSGeo/gdal/issues/14379
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
3
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-08T14:37:33Z/
url https://github.com/OSGeo/gdal/issues/14379
6
reference_url https://github.com/OSGeo/gdal/releases/tag/v3.13.0RC1
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
3
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-08T14:37:33Z/
url https://github.com/OSGeo/gdal/releases/tag/v3.13.0RC1
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-8088
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-8088
8
reference_url https://vuldb.com/submit/808040
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-08T14:37:33Z/
url https://vuldb.com/submit/808040
9
reference_url https://vuldb.com/vuln/361841
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-08T14:37:33Z/
url https://vuldb.com/vuln/361841
10
reference_url https://vuldb.com/vuln/361841/cti
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-08T14:37:33Z/
url https://vuldb.com/vuln/361841/cti
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135997
reference_id 1135997
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135997
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*
13
reference_url https://github.com/advisories/GHSA-j3f5-rw74-g4rv
reference_id GHSA-j3f5-rw74-g4rv
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j3f5-rw74-g4rv
fixed_packages
0
url pkg:pypi/gdal@3.13.0
purl pkg:pypi/gdal@3.13.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vpn7-bzcx-rucn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/gdal@3.13.0
aliases CVE-2026-8088, GHSA-j3f5-rw74-g4rv
risk_score 2.1
exploitability 0.5
weighted_severity 4.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1h42-g2r2-g3a2
1
url VCID-3tzy-7gdx-f3gy
vulnerability_id VCID-3tzy-7gdx-f3gy
summary A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. Upgrading to version 3.13.0RC1 is recommended to address this issue. The patch is named 184f77dbcc74118c062c05e464c88161d3c37b9b. You should upgrade the affected component.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-8087
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.06398
published_at 2026-06-07T12:55:00Z
1
value 0.00022
scoring_system epss
scoring_elements 0.06406
published_at 2026-06-06T12:55:00Z
2
value 0.00022
scoring_system epss
scoring_elements 0.06416
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-8087
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8087
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8087
2
reference_url https://github.com/biniamf/pocs/tree/main/gdal-gdinqfields_bof
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-08T14:17:56Z/
url https://github.com/biniamf/pocs/tree/main/gdal-gdinqfields_bof
3
reference_url https://github.com/OSGeo/gdal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/OSGeo/gdal
4
reference_url https://github.com/OSGeo/gdal/commit/184f77dbcc74118c062c05e464c88161d3c37b9b
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
3
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-08T14:17:56Z/
url https://github.com/OSGeo/gdal/commit/184f77dbcc74118c062c05e464c88161d3c37b9b
5
reference_url https://github.com/OSGeo/gdal/issues/14363
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
3
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-08T14:17:56Z/
url https://github.com/OSGeo/gdal/issues/14363
6
reference_url https://github.com/OSGeo/gdal/releases/tag/v3.13.0RC1
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
3
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-08T14:17:56Z/
url https://github.com/OSGeo/gdal/releases/tag/v3.13.0RC1
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-8087
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-8087
8
reference_url https://vuldb.com/submit/808039
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-08T14:17:56Z/
url https://vuldb.com/submit/808039
9
reference_url https://vuldb.com/vuln/361840
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
3
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-08T14:17:56Z/
url https://vuldb.com/vuln/361840
10
reference_url https://vuldb.com/vuln/361840/cti
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-08T14:17:56Z/
url https://vuldb.com/vuln/361840/cti
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135997
reference_id 1135997
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135997
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*
13
reference_url https://github.com/advisories/GHSA-h9rh-5ffh-h669
reference_id GHSA-h9rh-5ffh-h669
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h9rh-5ffh-h669
fixed_packages
0
url pkg:pypi/gdal@3.13.0
purl pkg:pypi/gdal@3.13.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vpn7-bzcx-rucn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/gdal@3.13.0
aliases CVE-2026-8087, GHSA-h9rh-5ffh-h669
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3tzy-7gdx-f3gy
2
url VCID-vpn7-bzcx-rucn
vulnerability_id VCID-vpn7-bzcx-rucn
summary In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry attribute in a crafted NetCDF file. This achieves arbitrary code execution on the server running GDAL. This is in frmts/netcdf/netcdfsg.cpp.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-49014
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02773
published_at 2026-06-07T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.0282
published_at 2026-06-05T12:55:00Z
2
value 0.00014
scoring_system epss
scoring_elements 0.02826
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-49014
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-49014
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-49014
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/OSGeo/gdal/issues/14594
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-27T13:51:40Z/
url https://github.com/OSGeo/gdal/issues/14594
fixed_packages
0
url pkg:pypi/gdal@3.13.1
purl pkg:pypi/gdal@3.13.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/gdal@3.13.1
aliases BIT-gdal-2026-49014, CVE-2026-49014, PYSEC-2026-193
risk_score 3.5
exploitability 0.5
weighted_severity 7.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vpn7-bzcx-rucn
Fixing_vulnerabilities
Risk_score3.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/gdal@3.6.1