cvebase

OSGeo GDAL vulnerabilities

13 known vulnerabilities affecting osgeo/gdal.

Total CVEs: 13
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 5, MEDIUM 6

Vulnerabilities

CVE-2026-8086 | P3 | HIGH | CVSS 7.8 | ≤ 3.12.4, v3.13.0, +1 more | 2026-05-07
CVE-2026-8086 [HIGH] CWE-119: A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. Upgrading to version 3.12.4RC1
nvd
CVE-2026-8087 | P3 | HIGH | CVSS 7.8 | ≤ 3.12.4, v3.13.0, +1 more | 2026-05-07
CVE-2026-8087 [HIGH] CWE-119: A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has been released to the public and may be used for
ghsa, nvd
CVE-2019-17546 | P3 | HIGH | CVSS 8.8 | ≤ 3.0.1 | 2019-10-14
CVE-2019-17546 [HIGH] CWE-190: tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.
nvd, osv
CVE-2026-4738 | P3 | CRITICAL | CVSS 9.4 | fixed in 3.11.0 | 2026-03-24
CVE-2026-4738 [CRITICAL] CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal (frmts/zlib/contrib/infback9 modules). This vulnerability is associated with program files inftree9.C. This issue affects gdal: before 3.11.0.
nvd
CVE-2026-49014 | P3 | HIGH | CVSS 7.8 | ≥ 3.1.0, ≤ 3.13.0 | 2026-05-27
CVE-2026-49014 [HIGH] CWE-121: In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry attribute in a crafted NetCDF file. This achieves arbitrary
nvd
CVE-2019-17545 | P3 | CRITICAL | CVSS 9.8 | ≤ 3.0.1 | 2019-10-14
CVE-2019-17545 [CRITICAL] CWE-415: GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.
nvd, osv
CVE-2019-25050 | P3 | HIGH | CVSS 7.8 | ≥ 2.4.2, ≤ 3.0.4 | 2021-07-20
CVE-2019-25050 [HIGH] CWE-787: netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and netCDFDataset::~netCDFDataset).
nvd, osv
CVE-2026-8213 | P4 | MEDIUM | CVSS 5.5 | ≤ 3.12.4, v3.13.0, +1 more | 2026-05-09
CVE-2026-8213 [MEDIUM] CWE-119: A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgradi
nvd
CVE-2026-8212 | P4 | MEDIUM | CVSS 5.5 | ≤ 3.12.4, v3.13.0, +1 more | 2026-05-09
CVE-2026-8212 [MEDIUM] CWE-119: A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been published and may be used. Upgrading to version 3.13.0RC1 addresses this issue.
ghsa, nvd
CVE-2026-8084 | P4 | MEDIUM | CVSS 5.5 | ≤ 3.12.4, v3.13.0, +1 more | 2026-05-07
CVE-2026-8084 [MEDIUM] CWE-119: A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes out-of-bounds read. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. Upgradi
nvd
CVE-2026-8088 | P4 | MEDIUM | CVSS 5.5 | ≤ 3.12.4, v3.13.0, +1 more | 2026-05-07
CVE-2026-8088 [MEDIUM] CWE-119: A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. Upgrading to version
ghsa, nvd
CVE-2021-45943 | P4 | MEDIUM | CVSS 5.5 | ≥ 3.3.0, ≤ 3.4.0 | 2022-01-01
CVE-2021-45943 [MEDIUM] CWE-787: GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment).
nvd, osv
CVE-2025-29480 | P4 | MEDIUM | CVSS 5.5 | v3.10.2 | 2025-04-07
CVE-2025-29480 [MEDIUM] CWE-120: Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. NOTE: the Supplier indicates that the report is invalid and could not be reproduced.
nvd