OSV-2026-649 Container-overflow in OGRGeometryFactory::organizePolygons

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=506932597 Crash type: Container-overflow WRITE 1 Crash state: OGRGeometryFactory::organizePolygons OGRCreateFromShapeBin OpenFileGDB::FileGDBOGRGeometryConverterImpl::CreateCurveGeometry...

EUVD-2016-10639

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2019-17545

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogrexpat.cpp when the 10MB threshold is exceeded. CVE-2019-17545 Note that Nessus...

SUSE CVE-2025-29480

Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. NOTE: the Supplier indicates that the report is invalid and could not be reproduced...

AZL-59715 CVE-2025-29480 affecting package gdal 3.6.3-5

Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. NOTE: the Supplier indicates that the report is invalid and could not be reproduced...

AZL-61789 CVE-2025-29480 affecting package gdal 3.6.3-2

Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. NOTE: the Supplier indicates that the report is invalid and could not be reproduced...

PYSEC-2025-117

Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. NOTE: the Supplier indicates that the report is invalid and could not be reproduced...

DEBIAN-CVE-2025-29480

Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. NOTE: the Supplier indicates that the report is invalid and could not be reproduced...

UBUNTU-CVE-2025-29480

Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. NOTE: the Supplier indicates that the report is invalid and could not be reproduced...

[SECURITY] Fedora 34 Update: gdal-3.2.2-3.fc34

Geospatial Data Abstraction Library GDAL/OGR is a cross platform C++ translator library for raster and vector geospatial data formats. As a library, it presents a single abstract data model to the calling application for all supported formats. It also comes with a variety of useful commandline...

GDAL Double Release Vulnerability

GDAL is an open source software library for manipulating various raster and vector geospatial data formats. A poolDestroy double-release vulnerability exists in OGRExpatRealloc in ogr/ogrexpat.cpp in GDAL 3.0.1 and earlier when the 10MB threshold is exceeded, and no detailed vulnerability details...

PT-2019-6214 · Osgeo +3 · Gdal +3

Name of the Vulnerable Software and Affected Versions: GDAL versions 3.0.1 and earlier Description: The issue is related to a double free in the OGRExpatRealloc function in the ogr/ogr expat.cpp file of the GDAL library, which occurs when the 10MB threshold is exceeded. This can allow a remote...

[SECURITY] Fedora 29 Update: gdal-2.3.2-1.fc29

Geospatial Data Abstraction Library GDAL/OGR is a cross platform C++ translator library for raster and vector geospatial data formats. As a library, it presents a single abstract data model to the calling application for all supported formats. It also comes with a variety of useful commandline...

gdal/ogr_filesystem_fuzzer: NULL

Project: https://github.com/OSGeo/gdal.git Detailed report: https://oss-fuzz.com/testcase?key=5745322799136768 Project: gdal Fuzzer: libFuzzergdalogrfilesystemfuzzer Fuzz target binary: ogrfilesystemfuzzer Job Type: libfuzzerubsangdal Platform Id: linux Crash Type: Null-dereference READ Crash...

MapServer < 7.0.3 Information Disclosure Vulnerability

MapServer is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:osgeo:mapserver";...

MapServer Information Disclosure Vulnerability

MapServer is a C-based open source map data rendering engine developed by the University of Minnesota USA, which can be used to display spatial data and to realize interactive map applications on the Web e.g., creating "geographic image maps". An information disclosure vulnerability exists in the...

CVE-2016-9839

In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails...

CVE-2016-9839

In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails...

CVE-2016-9839

In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails...

Design/Logic Flaw

In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails...