Skip to main content

Gpsd

5 CVEs product

Monthly

CVE-2026-58459 HIGH PATCH This Week

Arbitrary shell command execution in gpsd's gpsprof profiling tool (through release-3.27.5) allows an attacker who controls a GPS device's subtype value to run commands as the user rendering the plot. The subtype string - taken from a DEVICES JSON log entry or an NMEA PGRMT sentence - is embedded into a generated gnuplot program's `set title` statement with only double quotes escaped, so backtick payloads execute when the victim renders the plot via the gpsprof/gnuplot workflow. This was reported by VulnCheck; a vendor fix is available (fixed at commit 4c06658), and there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Command Injection Gpsd
NVD GitHub VulDB
CVSS 4.0
8.4
EPSS
0.7%
CVE-2025-67269 HIGH POC PATCH This Week

An integer underflow vulnerability exists in the `nextstate()` function in `gpsd/packet.c` of gpsd versions prior to commit `ffa1d6f40bca0b035fc7f5e563160ebb67199da7`. [CVSS 7.5 HIGH]

Integer Overflow Denial Of Service Gpsd
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-67268 CRITICAL POC PATCH Act Now

gpsd (before commit dc966aa) has a heap buffer overflow in the NMEA2000 satellite view handler (PGN 129540). A malicious satellite count value overwrites the skyview array, enabling code execution on GPS daemon processes. PoC available, patch available.

Heap Overflow Denial Of Service Gpsd RCE Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-43628 HIGH POC This Week

An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1~dev. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Gpsd
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2013-2038 MEDIUM POC This Month

The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service RCE Gpsd Ubuntu Linux
NVD
CVSS 2.0
4.3
EPSS
2.0%
EPSS 1% CVSS 8.4
HIGH PATCH This Week

Arbitrary shell command execution in gpsd's gpsprof profiling tool (through release-3.27.5) allows an attacker who controls a GPS device's subtype value to run commands as the user rendering the plot. The subtype string - taken from a DEVICES JSON log entry or an NMEA PGRMT sentence - is embedded into a generated gnuplot program's `set title` statement with only double quotes escaped, so backtick payloads execute when the victim renders the plot via the gpsprof/gnuplot workflow. This was reported by VulnCheck; a vendor fix is available (fixed at commit 4c06658), and there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Command Injection Gpsd
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

An integer underflow vulnerability exists in the `nextstate()` function in `gpsd/packet.c` of gpsd versions prior to commit `ffa1d6f40bca0b035fc7f5e563160ebb67199da7`. [CVSS 7.5 HIGH]

Integer Overflow Denial Of Service Gpsd
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

gpsd (before commit dc966aa) has a heap buffer overflow in the NMEA2000 satellite view handler (PGN 129540). A malicious satellite count value overwrites the skyview array, enabling code execution on GPS daemon processes. PoC available, patch available.

Heap Overflow Denial Of Service Gpsd +2
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH POC This Week

An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1~dev. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Gpsd
NVD
EPSS 2% CVSS 4.3
MEDIUM POC This Month

The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service RCE Gpsd +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy