MEDIUM 5.5

PYSEC-2025-117

Details

Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. NOTE: the Supplier indicates that the report is invalid and could not be reproduced.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / gdal

Introduced in: 0

No fixed version published yet for gdal (pip). Pin to a known-safe version or switch to an alternative.

References

https://github.com/OSGeo/gdal/issues/12188#issuecomment-2847873794 [REPORT]
https://github.com/lmarch2/poc/blob/main/gdal/gdal.md [EVIDENCE]