Skip to main content

Gdal CVE-2026-49014

| EUVDEUVD-2026-32039 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-05-27 cve@mitre.org GHSA-wphc-7cm7-8mf7
7.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
May 27, 2026 - 20:39 vuln.today

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 2 pypi packages depend on gdal (2 direct, 0 indirect)

Ecosystem-wide dependent count for version 3.1.0.

DescriptionCVE.org

In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry attribute in a crafted NetCDF file. This achieves arbitrary code execution on the server running GDAL. This is in frmts/netcdf/netcdfsg.cpp.

AnalysisAI

Arbitrary code execution in GDAL 3.1.0 through 3.13.0 is reachable through the netCDF driver, where scanForGeometryContainers (frmts/netcdf/netcdfsg.cpp) copies a CF-convention geometry attribute into a fixed-size stack buffer without checking its length. Any service or workflow that feeds attacker-supplied NetCDF files to GDAL can be coerced into overflowing the stack and running attacker code in the process context. No public exploit is identified at time of analysis and EPSS is just 0.01% (3rd percentile), yet the issue carries a CVSS of 7.4 because the outcome is full remote code execution on the host.

More in Gdal

View all
CVE-2019-17545 CRITICAL
9.8 Oct 14

GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exce

CVE-2025-29480 MEDIUM POC
5.5 Apr 07

Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialRefe

CVE-2026-4738 CRITICAL
9.4 Mar 24

A buffer overflow vulnerability in GDAL versions before 3.11.0 within the zlib infback9 module allows remote attackers t

CVE-2019-17546 HIGH
8.8 Oct 14

tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that

CVE-2026-8213 LOW POC
1.9 May 09

Heap-based buffer overflow in OSGeo GDAL's Grid File Handler (GDSDfldsrch function in frmts/hdf4/hdf-eos/GDapi.c) affect

CVE-2026-8212 LOW POC
1.9 May 09

Heap-based buffer overflow in GDAL's HDF4-EOS SWSDfldsrch function (frmts/hdf4/hdf-eos/SWapi.c) allows local authenticat

CVE-2026-8087 LOW POC
1.9 May 07

Heap-based buffer overflow in OSGeo GDAL up to version 3.13.0dev-4 allows local authenticated attackers to corrupt memor

CVE-2026-8084 LOW POC
1.9 May 07

Out-of-bounds read in OSGeo GDAL up to version 3.13.0dev-4 occurs in the HDF-EOS Grid File Handler when parsing malforme

CVE-2026-8086 LOW POC
1.9 May 07

Heap-based buffer overflow in OSGeo GDAL up to 3.13.0dev-4 within the SWnentries function of the HDF4-EOS module allows

CVE-2026-8088 LOW POC
1.9 May 07

Out-of-bounds read in OSGeo GDAL up to version 3.13.0dev-4 affects the GDfieldinfo function in HDF-EOS module when proce

Vendor StatusVendor

SUSE

Severity: High

Share

CVE-2026-49014 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy