VYPR

Bitnami package

gdal

pkg:bitnami/gdal

Vulnerabilities (9)

  • CVE-2026-49014HigMay 27, 2026
    affected >= 3.1.0, < 3.13.1fixed 3.13.1

    In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversi

  • CVE-2026-8213MedMay 9, 2026
    affected < 3.13.0fixed 3.13.0

    A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached local

  • CVE-2026-8212MedMay 9, 2026
    affected < 3.13.0fixed 3.13.0

    A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been publis

  • CVE-2026-8088LowMay 7, 2026
    affected < 3.13.0fixed 3.13.0

    A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been made ava

  • CVE-2026-8087MedMay 7, 2026
    affected < 3.13.0fixed 3.13.0

    A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer overflow. The attack must be initiated from a loca

  • CVE-2026-8086MedMay 7, 2026
    affected < 3.13.0fixed 3.13.0

    A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName leads to heap-based buffer overflow. The attack must be carried out locally. The expl

  • CVE-2026-8084LowMay 7, 2026
    affected < 3.13.0fixed 3.13.0

    A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes out-of-bounds read. The attack is restricted to local execut

  • CVE-2025-29480Apr 7, 2025
    affected >= 3.10.2, < 3.10.3fixed 3.10.3

    Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. NOTE: the Supplier indicates that the report is invalid and could not be reproduced.

  • CVE-2021-45943Dec 31, 2021
    affected >= 3.3.0, < 3.4.1fixed 3.4.1

    GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment).