Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Osgeo Subscribe
Filtered by product Gdal
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-45943 4 Debian, Fedoraproject, Oracle and 1 more 4 Debian Linux, Fedora, Spatial And Graph and 1 more 2022-11-04 4.3 MEDIUM 5.5 MEDIUM
GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment).
CVE-2019-17545 5 Debian, Fedoraproject, Opensuse and 2 more 6 Debian Linux, Fedora, Backports Sle and 3 more 2022-10-27 7.5 HIGH 9.8 CRITICAL
GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.
CVE-2019-25050 1 Osgeo 1 Gdal 2021-07-29 4.6 MEDIUM 7.8 HIGH
netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and netCDFDataset::~netCDFDataset).
CVE-2019-17546 2 Libtiff, Osgeo 2 Libtiff, Gdal 2020-08-24 6.8 MEDIUM 8.8 HIGH
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.