PT-2026-27316 · Osgeo · Gdal

Titan Team · Published 2026-03-24 · Updated 2026-04-28

CVE-2026-4738

CVSS v4.0: 9.4 (Critical)

Vector: AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/S:P/AU:Y/R:U/V:C/RE:L/U:Amber
Name of the Vulnerable Software and Affected Versions

OSGeo gdal versions prior to 3.11.0

Description

A flaw exists in OSGeo gdal related to improper restriction of operations within the bounds of a memory buffer. This issue is located in the frmts/zlib/contrib/infback9 modules, specifically within the inftree9.c file. The problem stems from incorrect pointer arithmetic in the bundled zlib library, potentially allowing attackers to corrupt heap memory through malformed compressed data, which could lead to remote code execution.

Recommendations

Update to version 3.11.0 or later.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2026-4738
ECHO-C616-5E6D-4A3E
JLSEC-2026-288

Affected Products

Gdal