Vulnerabilities > CVE-2019-25050 - Out-of-bounds Write vulnerability in Osgeo Gdal

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

osgeo

CWE-787

NVD

Published: 2021-07-20

Updated: 2021-07-29

Summary

netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and netCDFDataset::~netCDFDataset).

Vulnerable Configurations

Part	Description	Count
Application	Osgeo Osgeo Gdal 2.4.2 Osgeo Gdal 2.4.3 Osgeo Gdal 3.0.0 Osgeo Gdal 3.0.1 Osgeo Gdal 3.0.2 Osgeo Gdal 3.0.3 Osgeo Gdal 3.0.4	10

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/OSGeo/gdal/commit/767e3a56144f676ca738ef8f700e0e56035bd05a
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2020-420.yaml
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15143
https://github.com/OSGeo/gdal/commit/27b9bf644bcf1208f7d6594bdd104cc8a8bb0646
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15156
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2020-392.yaml