OSGeo GDAL Heap-Based Buffer Overflow Vulnerability in HDF-EOS Processing

A heap-based buffer overflow vulnerability has been identified in OSGeo GDAL versions through 3.13.0dev-4. This issue arises in the HDF4-EOS Grid API, specifically within the GDnentries function of GDapi.c. The vulnerability is triggered by unbounded string concatenation into a user-allocated buffer, which can lead to memory corruption. This flaw is particularly concerning as it allows for a potential overwrite of heap memory, which could be exploited to execute arbitrary code.

Impact

Exploitation of this vulnerability causes a heap buffer overflow, which can lead to a denial-of-service condition by crashing the application. Additionally, such heap-based overflows are often exploitable to execute arbitrary code under certain conditions.

Reproduction

The vulnerability can be reproduced by using a crafted HDF-EOS file that contains unquoted DataFieldName values. When this file is processed with GDAL's HDF4-EOS multidimensional support, the buffer overflow occurs. The AddressSanitizer tool can be used to detect the overflow, which will manifest as an error indicating a heap-buffer-overflow condition.

Remediation

Users are advised to upgrade to OSGeo GDAL version 3.13.0RC1, where this vulnerability has been fixed.