CVE-2026-33147

Name of the Vulnerable Software and Affected Versions GMT versions 6.6.0 and prior

Description GMT is an open source collection of command-line tools for manipulating geographic and Cartesian data sets. A stack-based buffer overflow exists in the gmt remote dataset id function within src/gmt remote.c. This occurs when a specially crafted long string is provided as a dataset identifier, potentially leading to a crash or arbitrary code execution. The issue is triggered when using the which module. This has been addressed with commit 0ad2b49.

Recommendations Versions prior to 6.6.0 should be updated to a newer version that includes commit 0ad2b49.