Search for packages
| purl | pkg:deb/debian/gdal@3.6.2%2Bdfsg-1?distro=trixie |
| Next non-vulnerable version | 3.11.3+dfsg-1 |
| Latest non-vulnerable version | 3.12.3+dfsg-1 |
| Risk | 4.2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-yghg-jnaz-xyaq
Aliases: CVE-2026-4738 |
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal (frmts/zlib/contrib/infback9 modules). This vulnerability is associated with program files inftree9.C. This issue affects gdal: before 3.11.0. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-6v8p-cjhb-c7er | netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and netCDFDataset::~netCDFDataset). |
CVE-2019-25050
PYSEC-2021-888 |
| VCID-a6w1-7txk-euay | GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. |
CVE-2019-17545
PYSEC-2019-241 |
| VCID-gzm4-ajmq-sqgj | GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment). |
BIT-gdal-2021-45943
CVE-2021-45943 PYSEC-2022-43065 |
| VCID-nnvs-e9na-p7fu | Multiple vulnerabilities have been found in LibTIFF, the worst of which could result in a Denial of Service condition. |
CVE-2019-17546
|
| VCID-usqv-s3dc-hkgk | Multiple packages suffer from RUNPATH issues that may allow users in the "portage" group to escalate privileges. |
CVE-2005-3581
|