Osgeo Gdal

Do you want an email whenever new security vulnerabilities are reported in Osgeo Gdal?

By the Year

In 2024 there have been 0 vulnerabilities in Osgeo Gdal . Gdal did not have any published security vulnerabilities last year.

Year	Vulnerabilities	Average Score
2024	0	0.00
2023	0	0.00
2022	1	5.50
2021	1	7.80
2020	0	0.00
2019	2	9.30
2018	0	0.00

It may take a day or so for new Gdal vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Osgeo Gdal Security Vulnerabilities

GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::Read

CVE-2021-45943 5.5 - Medium - January 01, 2022

GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment).

Memory Corruption

netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called

CVE-2019-25050 7.8 - High - July 20, 2021

netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and netCDFDataset::~netCDFDataset).

Memory Corruption

GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.

CVE-2019-17545 9.8 - Critical - October 14, 2019

GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.

Double-free

tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow

CVE-2019-17546 8.8 - High - October 14, 2019

tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.

Memory Corruption

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Canonical Ubuntu Linux or by Osgeo? Click the Watch button to subscribe.

Osgeo
Vendor

Osgeo Gdal
Product

By the Year

Recent Osgeo Gdal Security Vulnerabilities

GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::Read CVE-2021-45943 5.5 - Medium - January 01, 2022

netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called CVE-2019-25050 7.8 - High - July 20, 2021

GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. CVE-2019-17545 9.8 - Critical - October 14, 2019

tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow CVE-2019-17546 8.8 - High - October 14, 2019

Stay on top of Security Vulnerabilities

Osgeo Vendor

Osgeo GdalProduct

GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::Read

CVE-2021-45943 5.5 - Medium - January 01, 2022

netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called

CVE-2019-25050 7.8 - High - July 20, 2021

GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.

CVE-2019-17545 9.8 - Critical - October 14, 2019

tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow

CVE-2019-17546 8.8 - High - October 14, 2019

Osgeo
Vendor

Osgeo Gdal
Product