3 results (0.009 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and netCDFDataset::~netCDFDataset). netCDF en GDAL versiones 2.4.2 hasta 3.0.4, presenta un desbordamiento del búfer en la región stack de la memoria en nc4_get_att (llamado desde nc4_get_att_tc y nc_get_att_text) y en uffd_cleanup (llamado desde netCDFDataset::~netCDFDataset y netCDFDataset::~netCDFDataset) • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15143 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15156 https://github.com/OSGeo/gdal/commit/27b9bf644bcf1208f7d6594bdd104cc8a8bb0646 https://github.com/OSGeo/gdal/commit/767e3a56144f676ca738ef8f700e0e56035bd05a https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2020-392.yaml https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2020-420.yaml • CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 1%CPEs: 10EXPL: 0

GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. GDAL versiones hasta 3.0.1, presenta una vulnerabilidad de doble liberación de poolDestroy en la función OGRExpatRealloc en el archivo ogr/ogr_expat.cpp cuando se excede el umbral de 10 MB. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00022.html https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16178 https://github.com/OSGeo/gdal/commit/148115fcc40f1651a5d15fa34c9a8c528e7147bb https://lists.debian.org/debian-lts-announce/2019/11/msg00005.html https://lists.debian.org/debian-lts-announce/2022/01/msg00004.html https://lists.debian.org/debian-lts-announce/2022/09/msg00040.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message& • CWE-415: Double Free •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition. El archivo tif_getimage.c en LibTIFF versiones hasta 4.0.10, como es usado en GDAL hasta 3.0.1 y otros productos, presenta un desbordamiento de enteros que causa potencialmente un desbordamiento de búfer en la región heap de la memoria por medio de una imagen RGBA diseñada, relacionada con una condición "Negative-size-param". • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443 https://github.com/OSGeo/gdal/commit/21674033ee246f698887604c7af7ba1962a40ddf https://gitlab.com/libtiff/libtiff/commit/4bb584a35f87af42d6cf09d15e9ce8909a839145 https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html https://lists.debian.org/debian-lts-announce/2020/03/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LM5ZW7E3IEW7LT2BPJP7D3RN6OUOE3MX https://lists.fedoraproject.org/archives/list/package • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •