8 matches found
CVE-2026-53877
A flaw was found in Django. Instantiating django.contrib.gis.gdal.GDALRaster with a bytes object representing a raster file can trigger a heap buffer over-read in the vsibuffer property, reading roughly 32 bytes past the end of the allocated buffer. An attacker who can supply crafted raster data...
Buffer Access with Incorrect Length Value
Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Buffer Access with Incorrect Length Value in the GDALRaster process when constructed from a bytes object. An attacker can access...
CVE-2026-53877 Heap buffer over-read in GDALRaster
An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory or cause service degradation via a potential segmentation fault when the vsibuffer...
CVE-2026-53877
This CVE affects Django’s GIS GDALRaster: in Django 6.0 prior to 6.0.7 and 5.2 prior to 5.2.16, constructing GDALRaster from a bytes object causes an in-memory buffer over-read, potentially disclosing adjacent memory or triggering a segmentation fault when the vsi_buffer property is accessed. Ear...
CVE-2026-53877
An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory or cause service degradation via a potential segmentation fault when the vsibuffer...
EUVD-2026-42044
An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory or cause service degradation via a potential segmentation fault when the vsibuffer...
Linux Distros Unpatched Vulnerability : CVE-2026-53877
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed fr...
PT-2026-56196
Name of the Vulnerable Software and Affected Versions Django versions 6.0 through 6.0.6 Django versions 5.2 through 5.2.15 Description An issue exists where django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed from a bytes object. This can lead to the disclosure of...