Unrated severityNVD Advisory· Published Mar 20, 2026· Updated Mar 25, 2026

GMT: Stack-based Buffer Overflow in gmt_remote_dataset_id

CVE-2026-33147

Description

GMT is an open source collection of command-line tools for manipulating geographic and Cartesian data sets. In versions from 6.6.0 and prior, a stack-based buffer overflow vulnerability was identified in the gmt_remote_dataset_id function within src/gmt_remote.c. This issue occurs when a specially crafted long string is passed as a dataset identifier (e.g., via the which module), leading to a crash or potential arbitrary code execution. This issue has been patched via commit 0ad2b49.

Affected products

GMT/GMTllm-create
Range: 6.6.0 and prior
GenericMappingTools/gmtv5
Range: <= 6.6.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/GenericMappingTools/gmt/commit/0ad2b491470df82c9ec1139dcbd70502fa28a082mitrex_refsource_MISC
github.com/GenericMappingTools/gmt/security/advisories/GHSA-fqxx-62x7-9gwgmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000