PT-2026-27316 · Osgeo · Gdal

Titan Team · Published 2026-03-24 · Updated 2026-04-28 · CVE-2026-4738

CVSS v4.0: 9.4 (Critical)

Vector: AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/S:P/AU:Y/R:U/V:C/RE:L/U:Amber
Name of the Vulnerable Software and Affected Versions: OSGeo gdal versions prior to 3.11.0

Description: A flaw exists in OSGeo gdal related to improper restriction of operations within the bounds of a memory buffer. The issue is located in the frmts/zlib/contrib/infback9 module, specifically in the inftree9.c file. It stems from incorrect pointer arithmetic in the bundled zlib library, which may allow an attacker to corrupt heap memory by supplying malformed compressed data and could lead to remote code execution.

Recommendations: Update to version 3.11.0 or later.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2026-4738
ECHO-C616-5E6D-4A3E
JLSEC-2026-288

Affected Products

Gdal