PT-2026-56196 · Djangoproject · Django

Bence Nagy

+1

·

Publicado

2026-07-07

·

Atualizado

2026-07-07

·

CVE-2026-53877

CVSS v3.1

4.8

Média

VetorAV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory or cause service degradation via a potential segmentation fault when the vsi buffer property is accessed. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Bence Nagy for reporting this issue.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-53877

Produtos afetados

Django