How to fix CVE-2025-29480?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Is Gdal affected by CVE-2025-29480?

Organizations using Buffer Overflow vulnerability in gdal 3.10.2 should be aware of moderate risk from CVE-2025-29480, a buffer overflow vulnerability rated CVSS 5.5. Exploitation could cause memory corruption or application crashes. Proof-of-concept code is publicly available.

CVE-2025-29480

MEDIUM

2025-04-07 [email protected]

5.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:35 vuln.today

PoC Detected

Jul 23, 2025 - 15:15 vuln.today

Public exploit code

CVE Published

Apr 07, 2025 - 20:15 nvd

MEDIUM 5.5

Description

Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. NOTE: the Supplier indicates that the report is invalid and could not be reproduced.

Analysis

Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Technical Context

This vulnerability is classified as Buffer Copy without Size Check (CWE-120), which allows attackers to overflow a buffer to corrupt adjacent memory. Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. NOTE: the Supplier indicates that the report is invalid and could not be reproduced. Affected products include: Osgeo Gdal.

Affected Products

Osgeo Gdal.

Remediation

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Always validate buffer sizes before copy operations. Use bounded functions (strncpy, snprintf). Enable compiler protections.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +28

POC: +20

Vendor Status

CVE-2025-29480 vulnerability details – vuln.today

Back

CVE-2025-29480

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

CVE-2025-29480

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

External POC / Exploit Code