VDB
GCVE-110-MAGEIA-2026-28
GCVE-110-MAGEIA-2026-28
Advisory Published
gpsd before commit dc966aa contains a heap-based out-of-bounds write
vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540
function, which handles NMEA2000 PGN 129540 (GNSS Satellites in View)
packets, fails to validate the user-supplied satellite count against the
size of the skyview array (184 elements). This allows an attacker to
write beyond the bounds of the array by providing a satellite count up
to 255, leading to memory corruption, Denial of Service (DoS), and
potentially arbitrary code execution. (CVE-2025-67268)
An integer underflow vulnerability exists in the `nextstate()` function
in `gpsd/packet.c` of gpsd versions prior to commit
`ffa1d6f40bca0b035fc7f5e563160ebb67199da7`. When parsing a NAVCOM
packet, the payload length is calculated using `lexer->length =
(size_t)c - 4` without checking if the input byte `c` is less than 4.
This results in an unsigned integer underflow, setting `lexer->length`
to a very large value (near `SIZE_MAX`). The parser then enters a loop
attempting to consume this massive number of bytes, causing 100% CPU
utilization and a Denial of Service (DoS) condition. (CVE-2025-67269)
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | python-astropy | 0 (affected), 5.1.1-1.2.mga9 (unaffected) | — |
| Mageia | gpsd | 0 (affected), 3.25-1.1.mga9 (unaffected), 0 (affected), 3.25-1.1.mga9 (unaffected) | — |
Aliases
Browse GCVE Records
73,443 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.