310 matches found
Django RasterField - SQL Injection
Django 6.0.2, 5.2.11, and 4.2.28 contains a SQL injection caused by improper sanitization of the band index parameter in RasterField on PostGIS, letting remote attackers inject SQL, exploit requires crafted input. id: CVE-2026-1207 info: name: Django RasterField - SQL Injection author: omarkurt...
CVE-2026-53877
A flaw was found in Django. Instantiating django.contrib.gis.gdal.GDALRaster with a bytes object representing a raster file can trigger a heap buffer over-read in the vsibuffer property, reading roughly 32 bytes past the end of the allocated buffer. An attacker who can supply crafted raster data...
Buffer Access with Incorrect Length Value
Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Buffer Access with Incorrect Length Value in the GDALRaster process when constructed from a bytes object. An attacker can access...
CVE-2026-53877
An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory or cause service degradation via a potential segmentation fault when the vsibuffer...
EUVD-2026-42044
An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory or cause service degradation via a potential segmentation fault when the vsibuffer...
CVE-2026-53877
This CVE affects Django’s GIS GDALRaster: in Django 6.0 prior to 6.0.7 and 5.2 prior to 5.2.16, constructing GDALRaster from a bytes object causes an in-memory buffer over-read, potentially disclosing adjacent memory or triggering a segmentation fault when the vsi_buffer property is accessed. Ear...
CVE-2026-53877 Heap buffer over-read in GDALRaster
An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory or cause service degradation via a potential segmentation fault when the vsibuffer...
CVE-2026-53877
An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory or cause service degradation via a potential segmentation fault when the vsibuffer...
PT-2026-56196
Name of the Vulnerable Software and Affected Versions Django versions 6.0 through 6.0.6 Django versions 5.2 through 5.2.15 Description An issue exists where django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed from a bytes object. This can lead to the disclosure of...
Linux Distros Unpatched Vulnerability : CVE-2026-53877
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed fr...
RockyLinux 9 : libtiff (RLSA-2025:20801)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:20801 advisory. libtiff: TIFFRasterScanlineSize64 produce too-big size and could cause OOM CVE-2023-52355 libtiff: Segment fault in libtiff in TIFFReadRGBATileExt leadi...
Astra Linux – Vulnerability in cups
The vulnerability of the raster-interpret.c component in the CUPS printing server is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to cause service failures...
CLSA-2026-1777540724 cups: Fix of CVE-2023-4504
CVE-2023-4504: fix heap-based buffer overflow in cups raster-interpret PPD PostScript scanner; scanps in filter/interpret.c now returns NULL on a lone trailing backslash escape sequence rather than reading past the buffer terminator...
CLSA-2026-1777462768 cups: Fix of CVE-2023-4504
CVE-2023-4504: validate PPD PostScript input length to prevent heap-based buffer overflow in raster-interpret.c...
Exploit for SQL Injection in Djangoproject Django
CVE-2026-1207: Django GIS RasterField SQL Injection Vulnerabil...
openSUSE 16 Security Update : mapserver (openSUSE-SU-2026:20476-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20476-1 advisory. Changes in mapserver: - Update to release 8.6.1 msSLDParseRasterSymbolizer: fix potential heap buffer overflow boo1260869 CVE-2026-33721 GetFeatureInfo...
Django: Django: SQL Injection via RasterField band index parameter
A flaw was found in Django. A remote attacker could inject SQL commands by manipulating the band index parameter during raster lookups on RasterField only implemented on PostGIS. This SQL injection vulnerability could lead to unauthorized information disclosure, data alteration, or denial of...
[SECURITY] Fedora 42 Update: qgis-3.44.8-1.fc42
Geographic Information System GIS manages, analyzes, and displays databases of geographic information. QGIS supports shape file viewing and editing, spatial data storage with PostgreSQL/PostGIS, projection on-the-fly, map composition, and a number of other features via a plugin interface. QGIS al...
CLSA-2026-1773308416 cups-filters: Fix of 2 CVEs
CVE-2025-64503: fix out-of-bounds write in pdftoraster filter caused by integer overflow when processing PDFs with large MediaBox values - CVE-2025-57812: fix out-of-bounds read/write in imagetoraster TIFF processing caused by incorrect buffer size calculation in cupsImageLut...
OSV-2026-357 Heap-buffer-overflow in _cupsRasterAddError
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=489911024 Crash type: Heap-buffer-overflow WRITE 3 Crash state: cupsRasterAddError cupsRasterExecPS fuzzcups.c...