CVE-2026-4738Improper Restriction of Operations within the Bounds of a Memory Buffer in Gdal

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
9.4CRITICALNVD
EPSS
0.1%
top 82.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Osgeo Gdal
Timeline
PublishedMar 24

Description

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal (frmts/zlib/contrib/infback9 modules). This vulnerability is associated with program files inftree9.C‎. This issue affects gdal: before 3.11.0.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P

Affected Packages1 packages

CVEListV5osgeo/gdal< 3.11.0

🔴Vulnerability Details

3
GHSA
GHSA-hp6p-5qh5-w9fj: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal (frmts/zlib/contrib/infback9 modules)2026-03-24
OSV
CVE-2026-4738: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal (frmts/zlib/contrib/infback9 modules)2026-03-24
CVEList
GDAL Bundled zlib (inftree9.c) Pointer Offset Optimization Undefined Behavior Allows Heap Corruption or Remote Code Execution2026-03-24
CVE-2026-4738 — Osgeo Gdal vulnerability | cvebase