CVE-2019-17545
Published: 2019-10-14
CVE-2019-17545: GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.
Severity: Critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | gdal | < gdal 2.4.2+dfsg-2 (bookworm) | gdal 2.4.2+dfsg-2 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| opensuse | backports_sle | — | — |
| opensuse | leap | — | — |
| oracle | spatial_and_graph | — | — |
| oracle | spatial_and_graph | — | — |
| osgeo | gdal | <= 3.0.1 | — |
| osgeo | gdal | >= 0 < 2.4.2+dfsg-2 | 2.4.2+dfsg-2 |
| osgeo | gdal | >= 0 < 2.4.2+dfsg-2 | 2.4.2+dfsg-2 |
| osgeo | gdal | >= 0 < 2.4.2+dfsg-2 | 2.4.2+dfsg-2 |
| osgeo | gdal | >= 0 < 2.4.2+dfsg-2 | 2.4.2+dfsg-2 |
CVSS provenance
nvd: v3.1, 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv: 9.8 CRITICAL