CVE-2019-25050

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-25050
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-25050.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-25050
Aliases
Downstream
Published
2021-07-20T07:15:07Z
Modified
2025-10-21T05:05:12.638661Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and netCDFDataset::~netCDFDataset).

References

Affected packages

Git / github.com/osgeo/gdal

Affected ranges

Type
GIT
Repo
https://github.com/osgeo/gdal
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

v2.*

v2.4.0

v3.*

v3.0.0

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/osgeo/gdal/commit/27b9bf644bcf1208f7d6594bdd104cc8a8bb0646",
        "target": {
            "file": "gdal/ogr/ogrsf_frmts/kml/ogrkmllayer.cpp"
        },
        "deprecated": false,
        "id": "CVE-2019-25050-112c1677",
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "182114019274330504405524429607708237822",
                "260345988463686926761865667168934854869",
                "281242935202487707059003033430704216315",
                "223919040550938216905341524769853078179"
            ]
        }
    },
    {
        "source": "https://github.com/osgeo/gdal/commit/767e3a56144f676ca738ef8f700e0e56035bd05a",
        "target": {
            "function": "attrf",
            "file": "gdal/frmts/netcdf/netcdfsg.cpp"
        },
        "deprecated": false,
        "id": "CVE-2019-25050-883d9465",
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "length": 387.0,
            "function_hash": "302002118971741846913773595126247519048"
        }
    },
    {
        "source": "https://github.com/osgeo/gdal/commit/27b9bf644bcf1208f7d6594bdd104cc8a8bb0646",
        "target": {
            "function": "OGRKMLLayer::OGRKMLLayer",
            "file": "gdal/ogr/ogrsf_frmts/kml/ogrkmllayer.cpp"
        },
        "deprecated": false,
        "id": "CVE-2019-25050-bb04300f",
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "length": 1654.0,
            "function_hash": "35271287751527571686749642692254647707"
        }
    },
    {
        "source": "https://github.com/osgeo/gdal/commit/767e3a56144f676ca738ef8f700e0e56035bd05a",
        "target": {
            "file": "gdal/frmts/netcdf/netcdfsg.cpp"
        },
        "deprecated": false,
        "id": "CVE-2019-25050-df3c9cf9",
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        }
    }
]