JLSEC-2026-282

See a problem?
Please try reporting it to the source first.
Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-282.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-282.json
JSON Data
https://api.osv.dev/v1/vulns/JLSEC-2026-282
Upstream
Published
2026-04-28T13:07:10.945Z
Modified
2026-04-28T13:15:14.519091Z
Summary
[none]
Details

netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4getatt (called from nc4getatttc and ncgetatttext) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and netCDFDataset::~netCDFDataset).

Database specific 
{
    "license": "CC-BY-4.0",
    "sources": [
        {
            "database_specific": {
                "status": "Modified"
            },
            "modified": "2024-11-21T04:39:49.933Z",
            "id": "CVE-2019-25050",
            "published": "2021-07-20T07:15:07.603Z",
            "imported": "2026-04-28T00:44:11.644Z",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25050",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2019-25050"
        }
    ]
}
References

Affected packages

Julia / GDAL_jll

Package

Name
GDAL_jll
Purl
pkg:julia/GDAL_jll?uuid=a7073274-a066-55f0-b90d-d619367d196c

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.2.0+0

Database specific

source 
"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-282.json"