3 matches found
CVE-2020-9488
CVE-2020-9488 affects the Apache Log4j2 SMTP appender. The issue is improper validation of the SSL/TLS certificate when the host name does not match, potentially allowing a man-in-the-middle to intercept SMTPS traffic and leak log messages. The concrete remediation is to upgrade to affected relea...
CVE-2019-17545
CVE-2019-17545 affects GDAL up to 3.0.1, with a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. Public advisories (Debian DLA-2877/3129, Mageia, Fedora) confirm the issue and list CVE-2019-17545 as fixable by upgrading GDAL to newer builds; Deb...
CVE-2021-45943
GDAL 3.3.0–3.4.0 contains a heap-based buffer overflow in PCIDSKFile::ReadFromFile (invoked via PCIDSKSegment::ReadFromFile and PCIDSKBinarySegment::CPCIDSKBinarySegment). This can cause denial of service and may permit arbitrary code execution when processing crafted PCIDSK data. Public advisori...