CVE-2019-25050 — Vulnetix

CVE-2019-25050 PUBLISHED

netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and netCDFDataset::~netCDFDataset).

EPSS 0.09% · 25.4th percentile

Risk Scores

EPSS Score

0.09%

25.4th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:16.04:LTS	gdal	0, 1.11.2+dfsg-3ubuntu3, 1.11.2+dfsg-3ubuntu4
Ubuntu:18.04:LTS	gdal	*, 0, 2.2.1+dfsg-2build3
Ubuntu:Pro:14.04:LTS	gdal	1.10.1+dfsg-3ubuntu2, 1.10.1+dfsg-5ubuntu1, 1.10.1+dfsg-5ubuntu1+esm1

Exploit Intelligence

Timeline

Jul 20, 2021 EPSS Score
Jul 20, 2021 CVE Published
Sep 17, 2021 EPSS Score
Nov 16, 2021 EPSS Score
Jan 14, 2022 EPSS Score
Mar 15, 2022 EPSS Score
May 13, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 10, 2022 EPSS Score
Nov 9, 2022 EPSS Score
Jan 7, 2023 EPSS Score
Mar 7, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2019-25050 third-party-advisory
https://github.com/OSGeo/gdal/commit/767e3a56144f676ca738ef8f700e0e56035bd05a third-party-advisory
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2020-420.yaml third-party-advisory
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15143 third-party-advisory
https://github.com/OSGeo/gdal/commit/27b9bf644bcf1208f7d6594bdd104cc8a8bb0646 third-party-advisory
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15156 third-party-advisory
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2020-392.yaml third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2019-25050 third-party-advisory

Open in Interactive Console →