285 matches found
Astra Linux – Vulnerability in Gdal
In GDAL version 3.0.1 and later, there is a double-free in the poolDestroy function within OGRExpatRealloc in the ogr/ogrexpat.cpp file, which occurs when the 10MB threshold is exceeded...
Astra Linux – Vulnerability in Gdal
GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in the PCIDSK::CPCIDSKFile::ReadFromFile function invoked from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment...
CVE-2026-9752
An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygon with a strict-winding CRS. Strict-winding polygons are intentionally unsupported for indexing, but the guard that rejects them does not...
UBUNTU-CVE-2026-9752
An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygon with a strict-winding CRS. Strict-winding polygons are intentionally unsupported for indexing, but the guard that rejects them does not...
CVE-2026-9752
MongoDB CVE-2026-9752 describes a vulnerability where an authorized user can trigger a server crash by executing a query that builds a 2dsphere index on a field containing a GeoJSON GeometryCollection with a Polygon that uses a strict-winding CRS. The underlying issue is that while strict-winding...
PT-2026-48302
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An authorized user can cause a server crash by executing a query using a 2dsphere index on a field containing a GeoJSON GeometryCollection. The issue occurs when...
MongoDB Server 代码问题漏洞
MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a code vulnerability in MongoDB Server, which stems from the 2dsphere...
CVE-2026-8087 vulnerabilities
Vulnerabilities for packages: gdal...
CVE-2026-8212 vulnerabilities
Vulnerabilities for packages: gdal...
USN-8345-1 gdal vulnerability
It was discovered that the vendored LibTIFF in GDAL incorrectly handled memory when parsing malformed TIFF image metadata. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information, or execute arbitrary code...
Linux Distros Unpatched Vulnerability : CVE-2026-49014
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry...
DEBIAN-CVE-2026-49014
In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry...
PYSEC-2026-193
In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry...
CVE-2026-49014
In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry...
CVE-2026-49014
In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry...
EUVD-2026-32039
In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry...
CVE-2026-49014
CVE-2026-49014 affects GDAL versions 3.1.0–3.13.0 via the netCDF driver. The vulnerability resides in scanForGeometryContainers (frmts/netcdf/netcdfsg.cpp), where a geometry attribute is read into a fixed-size stack buffer without validating its length, allowing a stack-based buffer overflow that...
CVE-2026-49014
In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry...
CVE-2026-49014
In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry...
PT-2026-43475
Name of the Vulnerable Software and Affected Versions GDAL versions 3.1.0 through 3.13.0 Description The netCDF driver contains a stack-based buffer overflow in the scanForGeometryContainers function located in frmts/netcdf/netcdfsg.cpp. The issue occurs because the function reads a geometry...