cbcvebase.
CVE-2021-45943
published 2022-01-01

CVE-2021-45943: GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and…

PriorityP423medium5.5CVSS 3.1
AVLACLPRNUIRSUCNINAH
EPSS
1.49%
70.9th percentile
GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment).

Affected

13 ranges
VendorProductVersion rangeFixed in
debiandebian_linux
debiandebian_linux
debiandebian_linux
debiangdal< gdal 3.4.1+dfsg-1 (bookworm)gdal 3.4.1+dfsg-1 (bookworm)
fedoraprojectfedora
fedoraprojectfedora
oraclespatial_and_graph
oraclespatial_and_graph
osgeogdal>= 0 < 3.2.2+dfsg-2+deb11u23.2.2+dfsg-2+deb11u2
osgeogdal>= 0 < 3.4.1+dfsg-13.4.1+dfsg-1
osgeogdal>= 0 < 3.4.1+dfsg-13.4.1+dfsg-1
osgeogdal>= 0 < 3.4.1+dfsg-13.4.1+dfsg-1
osgeogdal3.3.0 – 3.4.0

CVSS provenance

nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
osv5.5MEDIUM
vendor_debian5.5MEDIUM
vendor_oracle4.3MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.