UBUNTU-CVE-2026-4738
- Source
- https://ubuntu.com/security/CVE-2026-4738
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-4738.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-4738
- Upstream
- Published
- 2026-03-24T04:17:00Z
- Modified
- 2026-04-22T16:34:40.379881Z
- Severity
-
- 9.4 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/S:P/AU:Y/R:U/V:C/RE:L/U:Amber CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal (frmts/zlib/contrib/infback9 modules). This vulnerability is associated with program files inftree9.C. This issue affects gdal: before 3.11.0.
- References
Affected packages
Ubuntu:16.04:LTS
gdal
Package
- Name
- gdal
- Purl
- pkg:deb/ubuntu/gdal@1.11.3+dfsg-3build2?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.11.2+dfsg-3ubuntu3
1.11.2+dfsg-3ubuntu4
1.11.3+dfsg-2build1
1.11.3+dfsg-2build2
1.11.3+dfsg-2build3
1.11.3+dfsg-3
1.11.3+dfsg-3build1
1.11.3+dfsg-3build2
Ecosystem specific
{
"binaries": [
{
"binary_version": "1.11.3+dfsg-3build2",
"binary_name": "gdal-bin"
},
{
"binary_version": "1.11.3+dfsg-3build2",
"binary_name": "libgdal-java"
},
{
"binary_version": "1.11.3+dfsg-3build2",
"binary_name": "libgdal-perl"
},
{
"binary_version": "1.11.3+dfsg-3build2",
"binary_name": "libgdal1i"
},
{
"binary_version": "1.11.3+dfsg-3build2",
"binary_name": "python-gdal"
},
{
"binary_version": "1.11.3+dfsg-3build2",
"binary_name": "python3-gdal"
}
]
}Ubuntu:18.04:LTS
gdal
Package
- Name
- gdal
- Purl
- pkg:deb/ubuntu/gdal@2.2.3+dfsg-2?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.2.1+dfsg-2build3
2.2.1+dfsg-2build5
2.2.2+dfsg-2build1
2.2.3+dfsg-1
2.2.3+dfsg-2
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.2.3+dfsg-2",
"binary_name": "gdal-bin"
},
{
"binary_version": "2.2.3+dfsg-2",
"binary_name": "gdal-data"
},
{
"binary_version": "2.2.3+dfsg-2",
"binary_name": "libgdal-java"
},
{
"binary_version": "2.2.3+dfsg-2",
"binary_name": "libgdal-perl"
},
{
"binary_version": "2.2.3+dfsg-2",
"binary_name": "libgdal20"
},
{
"binary_version": "2.2.3+dfsg-2",
"binary_name": "python-gdal"
},
{
"binary_version": "2.2.3+dfsg-2",
"binary_name": "python3-gdal"
}
]
}Ubuntu:20.04:LTS
gdal
Package
- Name
- gdal
- Purl
- pkg:deb/ubuntu/gdal@3.0.4+dfsg-1build3?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.4.2+dfsg-1build2
2.4.2+dfsg-1build4
2.4.2+dfsg-2
2.4.3+dfsg-1
3.*
3.0.4+dfsg-1
3.0.4+dfsg-1build1
3.0.4+dfsg-1build2
3.0.4+dfsg-1build3
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.0.4+dfsg-1build3",
"binary_name": "gdal-bin"
},
{
"binary_version": "3.0.4+dfsg-1build3",
"binary_name": "gdal-data"
},
{
"binary_version": "3.0.4+dfsg-1build3",
"binary_name": "libgdal-java"
},
{
"binary_version": "3.0.4+dfsg-1build3",
"binary_name": "libgdal-perl"
},
{
"binary_version": "3.0.4+dfsg-1build3",
"binary_name": "libgdal26"
},
{
"binary_version": "3.0.4+dfsg-1build3",
"binary_name": "python3-gdal"
}
]
}Ubuntu:22.04:LTS
gdal
Package
- Name
- gdal
- Purl
- pkg:deb/ubuntu/gdal@3.4.1+dfsg-1build4?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
3.*
3.2.2+dfsg-3ubuntu2
3.4.0+dfsg-1
3.4.1+dfsg-1
3.4.1+dfsg-1build1
3.4.1+dfsg-1build3
3.4.1+dfsg-1build4
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.4.1+dfsg-1build4",
"binary_name": "gdal-bin"
},
{
"binary_version": "3.4.1+dfsg-1build4",
"binary_name": "gdal-data"
},
{
"binary_version": "3.4.1+dfsg-1build4",
"binary_name": "libgdal-perl"
},
{
"binary_version": "3.4.1+dfsg-1build4",
"binary_name": "libgdal30"
},
{
"binary_version": "3.4.1+dfsg-1build4",
"binary_name": "python3-gdal"
}
]
}Ubuntu:24.04:LTS
gdal
Package
- Name
- gdal
- Purl
- pkg:deb/ubuntu/gdal@3.8.4+dfsg-3ubuntu3?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
3.*
3.7.1+dfsg-1build1
3.8.0+dfsg-1
3.8.1+dfsg-1build1
3.8.2+dfsg-1
3.8.3+dfsg-1
3.8.4+dfsg-1
3.8.4+dfsg-3ubuntu2
3.8.4+dfsg-3ubuntu3
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.8.4+dfsg-3ubuntu3",
"binary_name": "gdal-bin"
},
{
"binary_version": "3.8.4+dfsg-3ubuntu3",
"binary_name": "gdal-data"
},
{
"binary_version": "3.8.4+dfsg-3ubuntu3",
"binary_name": "gdal-plugins"
},
{
"binary_version": "3.8.4+dfsg-3ubuntu3",
"binary_name": "libgdal34t64"
},
{
"binary_version": "3.8.4+dfsg-3ubuntu3",
"binary_name": "python3-gdal"
}
]
}Ubuntu:25.10
gdal
Package
- Name
- gdal
- Purl
- pkg:deb/ubuntu/gdal@3.10.3+dfsg-1build2?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.10.3+dfsg-1build2",
"binary_name": "gdal-bin"
},
{
"binary_version": "3.10.3+dfsg-1build2",
"binary_name": "gdal-data"
},
{
"binary_version": "3.10.3+dfsg-1build2",
"binary_name": "gdal-plugins"
},
{
"binary_version": "3.10.3+dfsg-1build2",
"binary_name": "libgdal36"
},
{
"binary_version": "3.10.3+dfsg-1build2",
"binary_name": "python3-gdal"
}
]
}Ubuntu:Pro:14.04:LTS
gdal
Package
- Name
- gdal
- Purl
- pkg:deb/ubuntu/gdal@1.10.1+dfsg-5ubuntu1+esm1?arch=source&distro=esm-infra-legacy/trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.9.0-3.1ubuntu4
1.9.0-3.1ubuntu6
1.10.1+dfsg-2
1.10.1+dfsg-2build1
1.10.1+dfsg-3
1.10.1+dfsg-3build1
1.10.1+dfsg-3build2
1.10.1+dfsg-3ubuntu1
1.10.1+dfsg-3ubuntu2
1.10.1+dfsg-5ubuntu1
1.10.1+dfsg-5ubuntu1+esm1
Ecosystem specific
{
"binaries": [
{
"binary_version": "1.10.1+dfsg-5ubuntu1+esm1",
"binary_name": "gdal-bin"
},
{
"binary_version": "1.10.1+dfsg-5ubuntu1+esm1",
"binary_name": "libgdal-java"
},
{
"binary_version": "1.10.1+dfsg-5ubuntu1+esm1",
"binary_name": "libgdal-perl"
},
{
"binary_version": "1.10.1+dfsg-5ubuntu1+esm1",
"binary_name": "libgdal1h"
},
{
"binary_version": "1.10.1+dfsg-5ubuntu1+esm1",
"binary_name": "python-gdal"
},
{
"binary_version": "1.10.1+dfsg-5ubuntu1+esm1",
"binary_name": "python3-gdal"
}
]
}