Gdal · Gdal · CVE-2026-49014
**Name of the Vulnerable Software and Affected Versions**
GDAL versions 3.1.0 through 3.13.0
**Description**
The netCDF driver contains a stack-based buffer overflow in the `scanForGeometryContainers()` function located in `frmts/netcdf/netcdfsg.cpp`. The issue occurs because the function reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. An attacker can exploit this by using a crafted NetCDF file containing an oversized geometry attribute to achieve arbitrary code execution on the server running the software.
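The unchecked read described above, next to a length-validated version, as an added C example that is not GDAL's code. The `file_attr` struct, the function names and the 256-byte buffer size are assumptions made for illustration; the real function and buffer are not shown on this page.

```c
#include <stdio.h>
#include <string.h>

#define GEOM_BUF_SIZE 256  /* assumed size, for illustration only */

/* Hypothetical stand-in for a file attribute; len is read from the file. */
struct file_attr {
    const char *value;
    size_t len;          /* bytes in value, no terminating NUL */
};

/* Unsafe pattern: copies whatever length the file declares. */
void read_attr_unchecked(const struct file_attr *a, char *out)
{
    memcpy(out, a->value, a->len);   /* overflows when len >= buffer size */
    out[a->len] = '\0';
}

/* Hardened pattern: validate the stored length before copying. */
int read_attr_checked(const struct file_attr *a, char *out, size_t out_size)
{
    if (out_size == 0 || a->len >= out_size)
        return -1;                   /* reject; room is needed for the NUL */
    memcpy(out, a->value, a->len);
    out[a->len] = '\0';
    return 0;
}

/* Returns 0 if the attribute was accepted, -1 if it was rejected. */
int scan_geometry_attr(const struct file_attr *a, char *name_out, size_t n)
{
    char buf[GEOM_BUF_SIZE];         /* fixed-size stack buffer */
    if (read_attr_checked(a, buf, sizeof buf) != 0)
        return -1;
    snprintf(name_out, n, "%s", buf);
    return 0;
}

int main(void)
{
    static char big[1024];           /* constructed oversized attribute */
    memset(big, 'A', sizeof big);
    struct file_attr ok = { "geometry_container", 18 };
    struct file_attr bad = { big, sizeof big };
    char name[GEOM_BUF_SIZE];
    printf("ok=%d bad=%d\n", scan_geometry_attr(&ok, name, sizeof name),
           scan_geometry_attr(&bad, name, sizeof name));
    return 0;
}
```

With the netCDF C library, the stored length of a text attribute can be queried with `nc_inq_attlen()` before `nc_get_att_text()` is called, which is where a check of this kind would sit.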
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.