GDAL: Heap Buffer Overflow — GLSA 202210-15

A heap buffer overflow vulnerability has been found in GDAL which could result in denial of service.

Affected packages

sci-libs/gdal on all architectures
Affected versions < 3.4.1
Unaffected versions >= 3.4.1

Background

GDAL is a geospatial data abstraction library.

Description

GDAL does not sufficiently sanitize input when loading PCIDSK binary segments.

Impact

Loading crafted PCIDSK data via GDAL could result in denial of service.

Workaround

There is no known workaround at this time.

Resolution

All GDAL users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sci-libs/gdal-3.4.1"
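
To confirm whether a given host or image still carries an affected build, the version range above can be checked mechanically. The script below is an added example, not part of the Gentoo advisory: the function names are hypothetical, it assumes `gdal-config` is on `PATH` when run against a live system, and it accepts either a bare version or the `GDAL x.y.z, released ...` form printed by `gdalinfo --version`.

```sh
#!/bin/sh
# Added example, not from the advisory: classify a GDAL version string
# against the GLSA 202210-15 range (affected < 3.4.1, unaffected >= 3.4.1).
# Function names are hypothetical helpers for this sketch.
FIXED="3.4.1"   # first unaffected version, taken from the advisory

# Reduce "GDAL 3.4.0, released ..." or "3.4.0-r1" to the dotted number.
# Suffixes are dropped, so a pre-release of 3.4.1 would read as 3.4.1;
# check such builds by hand.
normalize_version() {
    printf '%s\n' "$1" |
        sed -e 's/^GDAL //' -e 's/,.*$//' -e 's/[-_a-zA-Z].*$//'
}

# Return 0 when dotted version $1 is strictly lower than $2, comparing
# field by field as integers (so 3.10.0 is not lower than 3.4.1).
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1
}

# Print "affected", "unaffected" or "unknown" for one version string.
glsa_status() {
    v=$(normalize_version "$1")
    case $v in
        ''|*[!0-9.]*) echo unknown; return 0 ;;
    esac
    if version_lt "$v" "$FIXED"; then echo affected; else echo unaffected; fi
}

# Report on the local install when gdal-config is on PATH.
if command -v gdal-config >/dev/null 2>&1; then
    echo "installed GDAL: $(glsa_status "$(gdal-config --version)")"
fi
```

An "affected" result means the upgrade command above still needs to be run on that system.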
 

References

Release date
October 31, 2022

Latest revision
October 31, 2022: 1

Severity
low

Exploitable
remote

Bugzilla entries