PT-2019-6214 · Osgeo · Gdal

Published: 2019-10-13 · Updated: 2025-01-17 · CVE-2019-17545

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: GDAL versions 3.0.1 and earlier
Description: A double free in the OGRExpatRealloc function in the ogr/ogr_expat.cpp file of the GDAL library, triggered when the 10 MB threshold is exceeded. A remote attacker can exploit it to access confidential data, compromise its integrity, and cause a denial of service.
Recommendations: For GDAL versions 3.0.1 and earlier, update to a version that fixes the double free in the OGRExpatRealloc function. As a temporary workaround, restrict the use of the OGRExpatRealloc function in the ogr/ogr_expat.cpp file to reduce the risk of exploitation.

Fix

Weakness Enumeration: Double Free

Related Identifiers

ALT-PU-2020-1428
ALT-PU-2020-3051
ALT-PU-2021-1729
ALT-PU-2025-1397
BDU:2022-03342
CVE-2019-17545
DLA-1984-1
DLA-2877-1
DLA-3129-1
MGASA-2020-0068
OPENSUSE-SU-2019:2466-1
OPENSUSE-SU-2019_2466-1
PYSEC-2019-241

Affected Products

Alt Linux
Astra Linux
Gdal
Suse