Buffer Overflow in the netCDF Component of GDAL by OSGeo
CVE-2019-25050
7.8 HIGH
What is CVE-2019-25050?
The netCDF component in GDAL versions 2.4.2 through 3.0.4 is susceptible to a stack-based buffer overflow. The vulnerability arises in the handling of attributes through the nc4_get_att and nc_get_att_text functions, as well as in the uffd_cleanup procedure. Exploiting this flaw could allow arbitrary code execution or crash the application, posing significant security risks to users who depend on this library for geospatial data processing.
