142 matches found
SUSE CVE-2026-49014
In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry...
DEBIAN-CVE-2026-49014
In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry...
CVE-2026-49014
In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry...
UBUNTU-CVE-2026-49014
In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry...
CVE-2026-49014
In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry...
CVE-2026-49014
In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry...
CVE-2026-49014
CVE-2026-49014 affects GDAL versions 3.1.0–3.13.0 via the netCDF driver. The vulnerability resides in scanForGeometryContainers (frmts/netcdf/netcdfsg.cpp), where a geometry attribute is read into a fixed-size stack buffer without validating its length, allowing a stack-based buffer overflow that...
CVE-2026-49014
In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry...
CVE-2026-49014
In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry...
EUVD-2026-32039
In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry...
GDAL 安全漏洞
GDAL is an open-source geospatial data abstraction library developed by the GDAL community. Versions 3.1.0 to 3.13.0 of GDAL contain security vulnerabilities. These vulnerabilities stem from the scanForGeometryContainers function in the netCDF driver, which reads geometric properties into a...
PT-2026-43475
In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry...
Astra Linux - уязвимость в netcdf
A issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxmlcharcontent attempts to use realloc on a block that has not been allocated, resulting in an invalid free operation and a segmentation fault...
Astra Linux - уязвимость в netcdf
A issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmlinternaldtd, when parsing a crafted XML file, performs incorrect memory handling, resulting in a NULL pointer being dereferenced while running strcmp on a NULL pointer...
Astra Linux - уязвимость в netcdf
The ezxmlnew function in ezXML 0.8.6 and earlier is vulnerable to OOB write attacks when opening an XML file after exhausting the memory pool...
Astra Linux - уязвимость в netcdf
A issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxmlcharcontent places a pointer to the internal address of a larger block as xml-txt. This pointer is later deallocated using free, resulting in a segmentation fault...
Astra Linux - уязвимость в netcdf
The ezxmltoxml function in ezxml 0.8.6 and earlier is vulnerable to out-of-band OOB writes when opening an XML file after exhausting the memory pool...
Astra Linux - уязвимость в netcdf
The ezxmlnew function in ezXML 0.8.6 and earlier is vulnerable to OOB write attacks when opening an XML file after exhausting the memory pool...
Astra Linux - уязвимость в netcdf
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxmlentok mishandles recursion, leading to stack consumption for a crafted XML file...
Astra Linux - уязвимость в netcdf
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmldecode performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow...