162 matches found
CVE-2026-58459
gpsd (through release-3.27.5) contains a command-injection in gpsprof when processing the GPS device subtype value. The subtype is written into a generated gnuplot program via a set title statement with only quotes escaped, enabling arbitrary shell commands to execute as the user running gnuplot ...
EUVD-2026-42622
gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability in gpsprof that allows attackers who control the GPS device subtype value to execute arbitrary shell commands by embedding backtick payloads in the gnuplot plot title without proper escaping. The...
Astra Linux – Vulnerability in gpsd
There is an integer underflow vulnerability in the nextstate function in gpsd/packet.c in gpsd versions prior to the commit ffa1d6f40bca0b035fc7f5e563160ebb67199da7. When parsing a NAVCOM packet, the payload length is calculated using lexer-length = sizetc - 4, without checking whether the input...
Advisory ROSA-SA-2026-3228
software: gpsd 3.21 WASP: ROSA-CHROME unaffected versions = gpsd-3.21-5 affected versions gpsd-3.21-5 CVE-ID: CVE-2025-67268 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: Vulnerability in gpsd before commit dc966aa: in drivers/drivernmea2000.c, function hnd129540 handling PGN 129540 - GNSS Satellite...
OESA-2026-1642 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: fs/xattr: missing fdput in fremovexattr error path In the Linux kernel, the fremovexattr syscall calls fdget to acquire a file reference but returns early withou...
OSV-2026-359 Segv on unknown address in gpsd_vlog
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=490142464 Crash type: Segv on unknown address Crash state: gpsdvlog gpsdlog processGSV...
OSV-2026-307 Global-buffer-overflow in navcom_parse
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=486709178 Crash type: Global-buffer-overflow READ 1 Crash state: navcomparse gpsdpoll FuzzDrivers.c...
OSV-2026-240 Use-of-uninitialized-value in packet_get1
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=483928517 Crash type: Use-of-uninitialized-value Crash state: packetget1 gpsdpoll FuzzDrivers.c...
OSV-2026-226 UNKNOWN WRITE in decode_xa2_00
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=482909898 Crash type: UNKNOWN WRITE Crash state: decodexa200 tsipparseinput gpsdpoll...
OSV-2026-212 UNKNOWN READ in gpsd_poll
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=482617785 Crash type: UNKNOWN READ Crash state: gpsdpoll FuzzDriversStructured.c...
OSV-2026-205 UNKNOWN READ in gpsd_poll
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=481932457 Crash type: UNKNOWN READ Crash state: gpsdpoll FuzzDrivers.c...
RHSA-2026:1621 Red Hat Security Advisory: gpsd security update
Bulletin has no description...
Important: Red Hat Security Advisory: gpsd security update
An update for gpsd is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
RHEL 10 : gpsd (RHSA-2026:1621)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:1621 advisory. gpsd is a service daemon that mediates access to a GPS sensor connected to the host computer by serial or USB interface, making its data on the...
OSV-2026-167 Use-of-uninitialized-value in aivdm_analyze
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=479564939 Crash type: Use-of-uninitialized-value Crash state: aivdmanalyze gpsdpoll FuzzDrivers.c...
Photon OS 4.0: Gpsd PHSA-2026-4.0-0948
An update of the gpsd package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-0948. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Mageia: Security Advisory (MGASA-2026-0028)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Photon OS 4.0: Gpsd PHSA-2026-4.0-0947
An update of the gpsd package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-0947. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Photon OS 5.0: Gpsd PHSA-2026-5.0-0737
An update of the gpsd package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0737. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Photon OS 5.0: Gpsd PHSA-2026-5.0-0738
An update of the gpsd package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0738. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...