Debian Netcdf vulnerabilities

22 known vulnerabilities affecting debian/netcdf.

Total CVEs
22
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH5LOW17

Vulnerabilities

Page 1 of 2
CVE-2025-14936HIGHCVSS 7.82025
CVE-2025-14936 [HIGH] CVE-2025-14936: netcdf - NSF Unidata NetCDF-C Attribute Name Stack-based Buffer Overflow Remote Code Exec... NSF Unidata NetCDF-C Attribute Name Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla
debian
CVE-2025-14934HIGHCVSS 7.82025
CVE-2025-14934 [HIGH] CVE-2025-14934: netcdf - NSF Unidata NetCDF-C Variable Name Stack-based Buffer Overflow Remote Code Execu... NSF Unidata NetCDF-C Variable Name Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw
debian
CVE-2025-14932HIGHCVSS 7.82025
CVE-2025-14932 [HIGH] CVE-2025-14932: netcdf - NSF Unidata NetCDF-C Time Unit Stack-based Buffer Overflow Remote Code Execution... NSF Unidata NetCDF-C Time Unit Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exi
debian
CVE-2025-14933HIGHCVSS 7.82025
CVE-2025-14933 [HIGH] CVE-2025-14933: netcdf - NSF Unidata NetCDF-C NC Variable Integer Overflow Remote Code Execution Vulnerab... NSF Unidata NetCDF-C NC Variable Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi
debian
CVE-2025-14935HIGHCVSS 7.82025
CVE-2025-14935 [HIGH] CVE-2025-14935: netcdf - NSF Unidata NetCDF-C Dimension Name Heap-based Buffer Overflow Remote Code Execu... NSF Unidata NetCDF-C Dimension Name Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw
debian
CVE-2022-30045LOWCVSS 6.5fixed in netcdf 1:4.9.0-1 (bookworm)2022
CVE-2022-30045 [MEDIUM] CVE-2022-30045: mapcache - An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode(... An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap out-of-bounds read. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open
debian
CVE-2021-30485LOWCVSS 6.5fixed in netcdf 1:4.9.0-1 (bookworm)2021
CVE-2021-30485 [MEDIUM] CVE-2021-30485: mapcache - An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_interna... An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open
debian
CVE-2021-26220LOWCVSS 8.1fixed in netcdf 1:4.9.0-1 (bookworm)2021
CVE-2021-26220 [HIGH] CVE-2021-26220: mapcache - The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write w... The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open
debian
CVE-2021-26222LOWCVSS 8.1fixed in netcdf 1:4.9.0-1 (bookworm)2021
CVE-2021-26222 [HIGH] CVE-2021-26222: mapcache - The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write whe... The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open
debian
CVE-2021-31598LOWCVSS 7.5fixed in netcdf 1:4.9.0-1 (bookworm)2021
CVE-2021-31598 [HIGH] CVE-2021-31598: mapcache - An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode(... An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open
debian
CVE-2021-26221LOWCVSS 8.1fixed in netcdf 1:4.9.0-1 (bookworm)2021
CVE-2021-26221 [HIGH] CVE-2021-26221: mapcache - The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write whe... The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open
debian
CVE-2021-31347LOWCVSS 6.5fixed in netcdf 1:4.9.0-1 (bookworm)2021
CVE-2021-31347 [MEDIUM] CVE-2021-31347: mapcache - An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_s... An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (writing outside a memory region created by mmap). Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open
debian
CVE-2021-31348LOWCVSS 6.5fixed in netcdf 1:4.9.0-1 (bookworm)2021
CVE-2021-31348 [MEDIUM] CVE-2021-31348: mapcache - An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_s... An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (out-of-bounds read after a certain strcspn failure). Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open
debian
CVE-2021-31229LOWCVSS 6.5fixed in netcdf 1:4.9.0-1 (bookworm)2021
CVE-2021-31229 [MEDIUM] CVE-2021-31229: mapcache - An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_interna... An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd() performs incorrect memory handling while parsing crafted XML files, which leads to an out-of-bounds write of a one byte constant. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open
debian
CVE-2019-20005LOWCVSS 6.5fixed in netcdf 1:4.9.0-1 (bookworm)2019
CVE-2019-20005 [MEDIUM] CVE-2019-20005: mapcache - An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode,... An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to a heap-based buffer over-read while running strchr() starting with a pointer after a '\0' character (where the processing of a string was finished). Scope: local bookworm: open bullseye: open forky: open
debian
CVE-2019-20006LOWCVSS 7.5fixed in netcdf 1:4.9.0-1 (bookworm)2019
CVE-2019-20006 [HIGH] CVE-2019-20006: mapcache - An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_co... An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content puts a pointer to the internal address of a larger block as xml->txt. This is later deallocated (using free), leading to a segmentation fault. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open
debian
CVE-2019-20199LOWCVSS 6.5fixed in netcdf 1:4.9.0-1 (bookworm)2019
CVE-2019-20199 [MEDIUM] CVE-2019-20199: mapcache - An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode,... An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to NULL pointer dereference while running strlen() on a NULL pointer. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open
debian
CVE-2019-20200LOWCVSS 6.5fixed in netcdf 1:4.9.0-1 (bookworm)2019
CVE-2019-20200 [MEDIUM] CVE-2019-20200: mapcache - An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode,... An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing crafted a XML file, performs incorrect memory handling, leading to a heap-based buffer over-read in the "normalize line endings" feature. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open
debian
CVE-2019-20198LOWCVSS 6.5fixed in netcdf 1:4.9.0-1 (bookworm)2019
CVE-2019-20198 [MEDIUM] CVE-2019-20198: mapcache - An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok(... An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open
debian
CVE-2019-20201LOWCVSS 6.5fixed in netcdf 1:4.9.0-1 (bookworm)2019
CVE-2019-20201 [MEDIUM] CVE-2019-20201: mapcache - An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* function... An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open
debian
1 / 2Next →