CVE-2019-25050Out-of-bounds Write in Gdal

CWE-787Out-of-bounds Write5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 74.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Osgeo Gdal
Timeline
PublishedJul 20
Latest updateMay 24

Description

netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and netCDFDataset::~netCDFDataset).

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

Debianosgeo/gdal< 3.1.0+dfsg-1+3
NVDosgeo/gdal2.4.23.0.4

Patches

Patch: bugs.chromium.orgPatch: bugs.chromium.orgPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-723m-9g33-2g82: netCDF in GDAL 22022-05-24
CVEList
CVE-2019-25050: netCDF in GDAL 22021-07-20
OSV
CVE-2019-25050: netCDF in GDAL 22021-07-20

📋Vendor Advisories

1
Debian
CVE-2019-25050: gdal - netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_...2019
CVE-2019-25050 — Out-of-bounds Write in Osgeo Gdal | cvebase