VYPR

Gdal

by Osgeo

pypi: gdal

Source repositories

CVEs (13)

  • CVE-2026-49014HigMay 27, 2026
    risk 0.48cvss 7.4epss 0.00

    In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an…

  • CVE-2026-8213MedMay 9, 2026
    risk 0.27cvss 5.3epss 0.00

    A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached…

  • CVE-2026-8212MedMay 9, 2026
    risk 0.27cvss 5.3epss 0.00

    A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been…

  • CVE-2026-8087MedMay 7, 2026
    risk 0.27cvss 5.3epss 0.00

    A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer overflow. The attack must be initiated from a…

  • CVE-2026-8086MedMay 7, 2026
    risk 0.27cvss 5.3epss 0.00

    A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName leads to heap-based buffer overflow. The attack must be carried out locally. The…

  • CVE-2026-8088LowMay 7, 2026
    risk 0.14cvss 3.3epss 0.00

    A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been made…

  • CVE-2026-8084LowMay 7, 2026
    risk 0.14cvss 3.3epss 0.00

    A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes out-of-bounds read. The attack is restricted to local…

  • CVE-2026-4738Mar 24, 2026
    risk 0.00cvss epss 0.00

    Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal (frmts/zlib/contrib/infback9 modules). This vulnerability is associated with program files inftree9.C‎. This issue affects gdal: before 3.11.0.

  • CVE-2025-29480Apr 7, 2025
    risk 0.00cvss epss 0.00

    Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. NOTE: the Supplier indicates that the report is invalid and could not be reproduced.

  • CVE-2021-45943Dec 31, 2021
    risk 0.00cvss epss 0.01

    GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment).

  • CVE-2019-25050Jul 20, 2021
    risk 0.00cvss epss 0.00

    netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and netCDFDataset::~netCDFDataset).

  • CVE-2019-17545Oct 14, 2019
    risk 0.00cvss epss 0.03

    GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.

  • CVE-2005-3581Nov 16, 2005
    risk 0.00cvss epss 0.00

    GDAL before 1.3.0-r1 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path allowing objects in it to be loaded at runtime.