Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/gdal@2.4.3

Type pypi

Namespace

Name gdal

Version 2.4.3

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.13.1

Latest_non_vulnerable_version 3.13.1

Affected_by_vulnerabilities

url VCID-9j4r-vpwj-bqds

vulnerability_id VCID-9j4r-vpwj-bqds

summary GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00022.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00022.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-17545

reference_id

reference_type

scores

value	0.02245
scoring_system	epss
scoring_elements	0.84875
published_at	2026-06-04T12:55:00Z

value	0.02245
scoring_system	epss
scoring_elements	0.84897
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-17545

reference_url

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16178

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16178

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17545
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17545

reference_url

https://github.com/OSGeo/gdal/commit/148115fcc40f1651a5d15fa34c9a8c528e7147bb

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://github.com/OSGeo/gdal/commit/148115fcc40f1651a5d15fa34c9a8c528e7147bb

reference_url

https://lists.debian.org/debian-lts-announce/2019/11/msg00005.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://lists.debian.org/debian-lts-announce/2019/11/msg00005.html

reference_url

https://lists.debian.org/debian-lts-announce/2022/01/msg00004.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://lists.debian.org/debian-lts-announce/2022/01/msg00004.html

reference_url

https://lists.debian.org/debian-lts-announce/2022/09/msg00040.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://lists.debian.org/debian-lts-announce/2022/09/msg00040.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CB7RRPCQP253XA5MYUOLHLRPKNGKVZNT/

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CB7RRPCQP253XA5MYUOLHLRPKNGKVZNT/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVRC3EBQBFBVQC26XJE3AI3KQXC2NGTP/

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVRC3EBQBFBVQC26XJE3AI3KQXC2NGTP/

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://www.oracle.com//security-alerts/cpujul2021.html

fixed_packages

url pkg:pypi/gdal@3.0.2

purl pkg:pypi/gdal@3.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wtq8-c55n-bkb8

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/gdal@3.0.2

aliases CVE-2019-17545, PYSEC-2019-241

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9j4r-vpwj-bqds

url VCID-wtq8-c55n-bkb8

vulnerability_id VCID-wtq8-c55n-bkb8

summary netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and netCDFDataset::~netCDFDataset).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-25050

reference_id

reference_type

scores

value	0.00089
scoring_system	epss
scoring_elements	0.2536
published_at	2026-06-04T12:55:00Z

value	0.00089
scoring_system	epss
scoring_elements	0.25457
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-25050

reference_url

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15143

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15143

reference_url

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15156

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15156

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25050
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25050