Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/gdal@3.6.2%2Bdfsg-1?distro=trixie
Typedeb
Namespacedebian
Namegdal
Version3.6.2+dfsg-1
Qualifiers
distro trixie
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.11.3+dfsg-1
Latest_non_vulnerable_version3.13.1+dfsg-1
Affected_by_vulnerabilities
0
url VCID-1jx1-hxm7-vfdh
vulnerability_id VCID-1jx1-hxm7-vfdh
summary A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 3.13.0RC1 can resolve this issue. The identifier of the patch is 3e04c0385630e4d42517046d9a4967dfccfeb7fd. It is suggested to upgrade the affected component.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-8213
reference_id
reference_type
scores
0
value 8e-05
scoring_system epss
scoring_elements 0.00842
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-8213
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8213
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8213
2
reference_url https://github.com/OSGeo/gdal/issues/14399
reference_id 14399
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
3
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T16:00:54Z/
url https://github.com/OSGeo/gdal/issues/14399
3
reference_url https://vuldb.com/vuln/362430
reference_id 362430
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
3
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T16:00:54Z/
url https://vuldb.com/vuln/362430
4
reference_url https://vuldb.com/submit/808128
reference_id 808128
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
3
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T16:00:54Z/
url https://vuldb.com/submit/808128
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*
6
reference_url https://vuldb.com/vuln/362430/cti
reference_id cti
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
3
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T16:00:54Z/
url https://vuldb.com/vuln/362430/cti
7
reference_url https://github.com/biniamf/pocs/tree/main/gdal-gdsdfldsrch_oob-read
reference_id gdal-gdsdfldsrch_oob-read
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
3
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T16:00:54Z/
url https://github.com/biniamf/pocs/tree/main/gdal-gdsdfldsrch_oob-read
fixed_packages
0
url pkg:deb/debian/gdal@3.13.0%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/gdal@3.13.0%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdal@3.13.0%252Bdfsg-1%3Fdistro=trixie
1
url pkg:deb/debian/gdal@3.13.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/gdal@3.13.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdal@3.13.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2026-8213
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1jx1-hxm7-vfdh
1
url VCID-gs9m-dfuj-fkdh
vulnerability_id VCID-gs9m-dfuj-fkdh
summary A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been published and may be used. Upgrading to version 3.13.0RC1 addresses this issue. This patch is called 3e04c0385630e4d42517046d9a4967dfccfeb7fd. The affected component should be upgraded.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-8212
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.06527
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-8212
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8212
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8212
2
reference_url https://github.com/biniamf/pocs/tree/main/gdal-swsdfldsrch_oob-read
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
3
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T14:56:25Z/
url https://github.com/biniamf/pocs/tree/main/gdal-swsdfldsrch_oob-read
3
reference_url https://github.com/OSGeo/gdal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/OSGeo/gdal
4
reference_url https://github.com/OSGeo/gdal/
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
4
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T14:56:25Z/
url https://github.com/OSGeo/gdal/
5
reference_url https://github.com/OSGeo/gdal/commit/3e04c0385630e4d42517046d9a4967dfccfeb7fd
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
3
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T14:56:25Z/
url https://github.com/OSGeo/gdal/commit/3e04c0385630e4d42517046d9a4967dfccfeb7fd
6
reference_url https://github.com/OSGeo/gdal/issues/14398
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T14:56:25Z/
url https://github.com/OSGeo/gdal/issues/14398
7
reference_url https://github.com/OSGeo/gdal/releases/tag/v3.13.0RC1
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
3
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T14:56:25Z/
url https://github.com/OSGeo/gdal/releases/tag/v3.13.0RC1
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/gdal/PYSEC-2026-4.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/gdal/PYSEC-2026-4.yaml
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-8212
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-8212
10
reference_url https://vuldb.com/submit/808127
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T14:56:25Z/
url https://vuldb.com/submit/808127
11
reference_url https://vuldb.com/vuln/362429
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T14:56:25Z/
url https://vuldb.com/vuln/362429
12
reference_url https://vuldb.com/vuln/362429/cti
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
3
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T14:56:25Z/
url https://vuldb.com/vuln/362429/cti
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*
fixed_packages
0
url pkg:deb/debian/gdal@3.13.0%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/gdal@3.13.0%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdal@3.13.0%252Bdfsg-1%3Fdistro=trixie
1
url pkg:deb/debian/gdal@3.13.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/gdal@3.13.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdal@3.13.1%252Bdfsg-1%3Fdistro=trixie
aliases BIT-gdal-2026-8212, CVE-2026-8212, GHSA-r5m4-5vww-w9f5, PYSEC-2026-4
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gs9m-dfuj-fkdh
2
url VCID-pkad-wgj9-wkhx
vulnerability_id VCID-pkad-wgj9-wkhx
summary Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal (frmts/zlib/contrib/infback9 modules). This vulnerability is associated with program files inftree9.C‎. This issue affects gdal: before 3.11.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4738
reference_id
reference_type
scores
0
value 0.00063
scoring_system epss
scoring_elements 0.19884
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4738
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4738
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4738
2
reference_url https://github.com/OSGeo/gdal/pull/12244
reference_id 12244
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/S:P/AU:Y/R:U/V:C/RE:L/U:Amber
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:35:17Z/
url https://github.com/OSGeo/gdal/pull/12244
fixed_packages
0
url pkg:deb/debian/gdal@3.11.3%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/gdal@3.11.3%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdal@3.11.3%252Bdfsg-1%3Fdistro=trixie
1
url pkg:deb/debian/gdal@3.13.0%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/gdal@3.13.0%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdal@3.13.0%252Bdfsg-1%3Fdistro=trixie
2
url pkg:deb/debian/gdal@3.13.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/gdal@3.13.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdal@3.13.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2026-4738
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pkad-wgj9-wkhx
Fixing_vulnerabilities
0
url VCID-9j4r-vpwj-bqds
vulnerability_id VCID-9j4r-vpwj-bqds
summary GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00022.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00022.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-17545
reference_id
reference_type
scores
0
value 0.02245
scoring_system epss
scoring_elements 0.84875
published_at 2026-06-04T12:55:00Z
1
value 0.02245
scoring_system epss
scoring_elements 0.84897
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-17545
2
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16178
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16178
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17545
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17545
4
reference_url https://github.com/OSGeo/gdal/commit/148115fcc40f1651a5d15fa34c9a8c528e7147bb
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://github.com/OSGeo/gdal/commit/148115fcc40f1651a5d15fa34c9a8c528e7147bb
5
reference_url https://lists.debian.org/debian-lts-announce/2019/11/msg00005.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://lists.debian.org/debian-lts-announce/2019/11/msg00005.html
6
reference_url https://lists.debian.org/debian-lts-announce/2022/01/msg00004.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://lists.debian.org/debian-lts-announce/2022/01/msg00004.html
7
reference_url https://lists.debian.org/debian-lts-announce/2022/09/msg00040.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://lists.debian.org/debian-lts-announce/2022/09/msg00040.html
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CB7RRPCQP253XA5MYUOLHLRPKNGKVZNT/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CB7RRPCQP253XA5MYUOLHLRPKNGKVZNT/
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVRC3EBQBFBVQC26XJE3AI3KQXC2NGTP/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVRC3EBQBFBVQC26XJE3AI3KQXC2NGTP/
10
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://www.oracle.com//security-alerts/cpujul2021.html
fixed_packages
0
url pkg:deb/debian/gdal@2.4.2%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/gdal@2.4.2%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdal@2.4.2%252Bdfsg-2%3Fdistro=trixie
1
url pkg:deb/debian/gdal@3.2.2%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/gdal@3.2.2%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jx1-hxm7-vfdh
1
vulnerability VCID-gs9m-dfuj-fkdh
2
vulnerability VCID-pkad-wgj9-wkhx
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdal@3.2.2%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/gdal@3.6.2%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/gdal@3.6.2%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jx1-hxm7-vfdh
1
vulnerability VCID-gs9m-dfuj-fkdh
2
vulnerability VCID-pkad-wgj9-wkhx
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdal@3.6.2%252Bdfsg-1%3Fdistro=trixie
3
url pkg:deb/debian/gdal@3.10.3%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/gdal@3.10.3%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jx1-hxm7-vfdh
1
vulnerability VCID-gs9m-dfuj-fkdh
2
vulnerability VCID-pkad-wgj9-wkhx
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdal@3.10.3%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/gdal@3.13.0%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/gdal@3.13.0%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdal@3.13.0%252Bdfsg-1%3Fdistro=trixie
5
url pkg:deb/debian/gdal@3.13.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/gdal@3.13.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdal@3.13.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2019-17545, PYSEC-2019-241
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9j4r-vpwj-bqds
1
url VCID-g65z-w3mz-7qh4
vulnerability_id VCID-g65z-w3mz-7qh4
summary tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17546.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17546.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-17546
reference_id
reference_type
scores
0
value 0.00373
scoring_system epss
scoring_elements 0.59332
published_at 2026-06-04T12:55:00Z
1
value 0.00373
scoring_system epss
scoring_elements 0.59383
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-17546
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12900
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12900
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17000
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17000
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17100
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17100
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14973
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14973
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17546
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17546
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7663
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7663
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1765705
reference_id 1765705
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1765705
11
reference_url https://security.gentoo.org/glsa/202003-25
reference_id GLSA-202003-25
reference_type
scores
url https://security.gentoo.org/glsa/202003-25
12
reference_url https://access.redhat.com/errata/RHSA-2020:3902
reference_id RHSA-2020:3902
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3902
13
reference_url https://access.redhat.com/errata/RHSA-2020:4634
reference_id RHSA-2020:4634
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4634
14
reference_url https://usn.ubuntu.com/4158-1/
reference_id USN-4158-1
reference_type
scores
url https://usn.ubuntu.com/4158-1/
15
reference_url https://usn.ubuntu.com/5841-1/
reference_id USN-5841-1
reference_type
scores
url https://usn.ubuntu.com/5841-1/
fixed_packages
0
url pkg:deb/debian/gdal@3.1.0%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/gdal@3.1.0%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdal@3.1.0%252Bdfsg-1%3Fdistro=trixie
1
url pkg:deb/debian/gdal@3.2.2%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/gdal@3.2.2%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jx1-hxm7-vfdh
1
vulnerability VCID-gs9m-dfuj-fkdh
2
vulnerability VCID-pkad-wgj9-wkhx
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdal@3.2.2%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/gdal@3.6.2%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/gdal@3.6.2%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jx1-hxm7-vfdh
1
vulnerability VCID-gs9m-dfuj-fkdh
2
vulnerability VCID-pkad-wgj9-wkhx
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdal@3.6.2%252Bdfsg-1%3Fdistro=trixie
3
url pkg:deb/debian/gdal@3.10.3%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/gdal@3.10.3%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jx1-hxm7-vfdh
1
vulnerability VCID-gs9m-dfuj-fkdh
2
vulnerability VCID-pkad-wgj9-wkhx
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdal@3.10.3%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/gdal@3.13.0%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/gdal@3.13.0%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdal@3.13.0%252Bdfsg-1%3Fdistro=trixie
5
url pkg:deb/debian/gdal@3.13.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/gdal@3.13.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdal@3.13.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2019-17546
risk_score 4.0
exploitability 0.5
weighted_severity 7.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g65z-w3mz-7qh4
2
url VCID-jan8-s74u-2fbm
vulnerability_id VCID-jan8-s74u-2fbm
summary GDAL before 1.3.0-r1 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path allowing objects in it to be loaded at runtime.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2005-3581
reference_id
reference_type
scores
0
value 0.00055
scoring_system epss
scoring_elements 0.17436
published_at 2026-06-04T12:55:00Z
1
value 0.00055
scoring_system epss
scoring_elements 0.17514
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2005-3581
1
reference_url https://security.gentoo.org/glsa/200511-02
reference_id GLSA-200511-02
reference_type
scores
url https://security.gentoo.org/glsa/200511-02
fixed_packages
0
url pkg:deb/debian/gdal@0?distro=trixie
purl pkg:deb/debian/gdal@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdal@0%3Fdistro=trixie
1
url pkg:deb/debian/gdal@3.2.2%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/gdal@3.2.2%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jx1-hxm7-vfdh
1
vulnerability VCID-gs9m-dfuj-fkdh
2
vulnerability VCID-pkad-wgj9-wkhx
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdal@3.2.2%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/gdal@3.6.2%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/gdal@3.6.2%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jx1-hxm7-vfdh
1
vulnerability VCID-gs9m-dfuj-fkdh
2
vulnerability VCID-pkad-wgj9-wkhx
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdal@3.6.2%252Bdfsg-1%3Fdistro=trixie
3
url pkg:deb/debian/gdal@3.10.3%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/gdal@3.10.3%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jx1-hxm7-vfdh
1
vulnerability VCID-gs9m-dfuj-fkdh
2
vulnerability VCID-pkad-wgj9-wkhx
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdal@3.10.3%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/gdal@3.13.0%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/gdal@3.13.0%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdal@3.13.0%252Bdfsg-1%3Fdistro=trixie
5
url pkg:deb/debian/gdal@3.13.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/gdal@3.13.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdal@3.13.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2005-3581
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jan8-s74u-2fbm
3
url VCID-uy45-3vu3-87fu
vulnerability_id VCID-uy45-3vu3-87fu
summary GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-45943
reference_id
reference_type
scores
0
value 0.003
scoring_system epss
scoring_elements 0.53634
published_at 2026-06-04T12:55:00Z
1
value 0.003
scoring_system epss
scoring_elements 0.53693
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-45943
1
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41993
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41993
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45943
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45943
3
reference_url https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2021-1651.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2021-1651.yaml
4
reference_url https://github.com/OSGeo/gdal/commit/1ca6a3e5168c200763fa46d8aa7e698d0b757e7e
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://github.com/OSGeo/gdal/commit/1ca6a3e5168c200763fa46d8aa7e698d0b757e7e
5
reference_url https://github.com/OSGeo/gdal/pull/4944
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://github.com/OSGeo/gdal/pull/4944
6
reference_url https://lists.debian.org/debian-lts-announce/2022/01/msg00004.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://lists.debian.org/debian-lts-announce/2022/01/msg00004.html
7
reference_url https://lists.debian.org/debian-lts-announce/2022/09/msg00040.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://lists.debian.org/debian-lts-announce/2022/09/msg00040.html
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JBPJGXY7IYY65NVJBLP3RONXE7ZBVCNU/
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JBPJGXY7IYY65NVJBLP3RONXE7ZBVCNU/
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P23E4DEHY5FJCR5VJ46I6TO32DT7Y3T4/
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P23E4DEHY5FJCR5VJ46I6TO32DT7Y3T4/
10
reference_url https://security.gentoo.org/glsa/202210-15
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://security.gentoo.org/glsa/202210-15
11
reference_url https://www.debian.org/security/2022/dsa-5239
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://www.debian.org/security/2022/dsa-5239
12
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://www.oracle.com/security-alerts/cpujul2022.html
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-45943
reference_id CVE-2021-45943
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-45943
fixed_packages
0
url pkg:deb/debian/gdal@3.2.2%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/gdal@3.2.2%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jx1-hxm7-vfdh
1
vulnerability VCID-gs9m-dfuj-fkdh
2
vulnerability VCID-pkad-wgj9-wkhx
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdal@3.2.2%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
1
url pkg:deb/debian/gdal@3.4.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/gdal@3.4.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdal@3.4.1%252Bdfsg-1%3Fdistro=trixie
2
url pkg:deb/debian/gdal@3.6.2%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/gdal@3.6.2%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jx1-hxm7-vfdh
1
vulnerability VCID-gs9m-dfuj-fkdh
2
vulnerability VCID-pkad-wgj9-wkhx
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdal@3.6.2%252Bdfsg-1%3Fdistro=trixie
3
url pkg:deb/debian/gdal@3.10.3%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/gdal@3.10.3%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jx1-hxm7-vfdh
1
vulnerability VCID-gs9m-dfuj-fkdh
2
vulnerability VCID-pkad-wgj9-wkhx
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdal@3.10.3%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/gdal@3.13.0%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/gdal@3.13.0%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdal@3.13.0%252Bdfsg-1%3Fdistro=trixie
5
url pkg:deb/debian/gdal@3.13.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/gdal@3.13.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdal@3.13.1%252Bdfsg-1%3Fdistro=trixie
aliases BIT-gdal-2021-45943, CVE-2021-45943, PYSEC-2022-43065
risk_score 2.5
exploitability 0.5
weighted_severity 5.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uy45-3vu3-87fu
4
url VCID-wtq8-c55n-bkb8
vulnerability_id VCID-wtq8-c55n-bkb8
summary netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and netCDFDataset::~netCDFDataset).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-25050
reference_id
reference_type
scores
0
value 0.00089
scoring_system epss
scoring_elements 0.2536
published_at 2026-06-04T12:55:00Z
1
value 0.00089
scoring_system epss
scoring_elements 0.25457
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-25050
1
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15143
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15143
2
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15156
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15156
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25050
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25050
4
reference_url https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2020-392.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2020-392.yaml
5
reference_url https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2020-420.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2020-420.yaml
6
reference_url https://github.com/OSGeo/gdal/commit/27b9bf644bcf1208f7d6594bdd104cc8a8bb0646
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://github.com/OSGeo/gdal/commit/27b9bf644bcf1208f7d6594bdd104cc8a8bb0646
7
reference_url https://github.com/OSGeo/gdal/commit/767e3a56144f676ca738ef8f700e0e56035bd05a
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://github.com/OSGeo/gdal/commit/767e3a56144f676ca738ef8f700e0e56035bd05a
fixed_packages
0
url pkg:deb/debian/gdal@3.1.0%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/gdal@3.1.0%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdal@3.1.0%252Bdfsg-1%3Fdistro=trixie
1
url pkg:deb/debian/gdal@3.2.2%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/gdal@3.2.2%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jx1-hxm7-vfdh
1
vulnerability VCID-gs9m-dfuj-fkdh
2
vulnerability VCID-pkad-wgj9-wkhx
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdal@3.2.2%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/gdal@3.6.2%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/gdal@3.6.2%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jx1-hxm7-vfdh
1
vulnerability VCID-gs9m-dfuj-fkdh
2
vulnerability VCID-pkad-wgj9-wkhx
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdal@3.6.2%252Bdfsg-1%3Fdistro=trixie
3
url pkg:deb/debian/gdal@3.10.3%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/gdal@3.10.3%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jx1-hxm7-vfdh
1
vulnerability VCID-gs9m-dfuj-fkdh
2
vulnerability VCID-pkad-wgj9-wkhx
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdal@3.10.3%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/gdal@3.13.0%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/gdal@3.13.0%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdal@3.13.0%252Bdfsg-1%3Fdistro=trixie
5
url pkg:deb/debian/gdal@3.13.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/gdal@3.13.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdal@3.13.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2019-25050, PYSEC-2021-888
risk_score 3.5
exploitability 0.5
weighted_severity 7.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wtq8-c55n-bkb8
Risk_score2.4
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/gdal@3.6.2%252Bdfsg-1%3Fdistro=trixie