Bug#1103839: gdal: CVE-2025-29480
Salvatore Bonaccorso
carnil at debian.org
Mon Apr 21 20:35:53 BST 2025
Source: gdal
Version: 3.10.2+dfsg-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/OSGeo/gdal/issues/12188
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Hi,
The following vulnerability was published for gdal.
CVE-2025-29480[0]:
| Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker
| to cause a denial of service via the OGRSpatialReference::Release
| function.
There was a report at [1] but it is unclear if it was reported
upstream and if newer versions fix the issue. Maybe you have some
additional information? If so, might you please add it to [2] as well?
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-29480
https://www.cve.org/CVERecord?id=CVE-2025-29480
[1] https://github.com/lmarch2/poc/blob/main/gdal/gdal.md
[2] https://github.com/OSGeo/gdal/issues/12188
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore