Filtered by vendor Osgeo Subscriptions
Filtered by product Gdal Subscriptions
Total 4 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-17546 3 Libtiff, Osgeo, Redhat 3 Libtiff, Gdal, Enterprise Linux 2024-12-20 8.8 High
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.
CVE-2021-45943 4 Debian, Fedoraproject, Oracle and 1 more 4 Debian Linux, Fedora, Spatial And Graph and 1 more 2024-11-21 5.5 Medium
GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment).
CVE-2019-25050 1 Osgeo 1 Gdal 2024-11-21 7.8 High
netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and netCDFDataset::~netCDFDataset).
CVE-2019-17545 5 Debian, Fedoraproject, Opensuse and 2 more 6 Debian Linux, Fedora, Backports Sle and 3 more 2024-11-21 9.8 Critical
GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.