CVE-2025-29480 — Vulnetix

CVE-2025-29480 PUBLISHED

Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. NOTE: the Supplier indicates that the report is invalid and could not be reproduced.

EPSS 0.13% · 31.5th percentile

Risk Scores

EPSS Score

0.13%

31.5th percentile

Affected Products

Vendor	Product	Versions
Bitnami	gdal	3.10.2
Bitnami	gdal	3.10.2, 3.10.2

Exploit Intelligence

https://github.com/lmarch2/poc/blob/main/gdal/gdal.md (nist-nvd)

Timeline

Apr 7, 2025 CVE Published
Apr 8, 2025 EPSS Score
Apr 21, 2025 EPSS Score
May 3, 2025 EPSS Score
May 16, 2025 EPSS Score
May 29, 2025 EPSS Score
Jun 10, 2025 EPSS Score
Jun 16, 2025 Coalition ESS Score
Jun 23, 2025 EPSS Score
Jul 6, 2025 EPSS Score
Jul 18, 2025 EPSS Score
Jul 23, 2025 Coalition ESS Score

References

https://github.com/lmarch2/poc/blob/main/gdal/gdal.md url
https://nvd.nist.gov/vuln/detail/CVE-2025-29480 url
https://github.com/OSGeo/gdal/issues/12188#issuecomment-2847873794 url

Open in Interactive Console →