Vulnerability CVE-2019-17545: Information
Description
GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
gdal | sisyphus | 3.0.4-alt1 | 3.8.5-alt1 | ALT-PU-2020-1428-1 | 240262 | Fixed |
gdal | p10 | 3.0.4-alt1 | 3.0.4-alt1.4 | ALT-PU-2020-1428-1 | 240262 | Fixed |
gdal | p9 | 2.2.3-alt3.1.M90P.3 | 3.0.4-alt1.1.M90P.1 | ALT-PU-2020-3051-1 | 259375 | Fixed |
gdal | c10f1 | 3.0.4-alt1 | 3.0.4-alt1.4 | ALT-PU-2020-1428-1 | 240262 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://github.com/OSGeo/gdal/commit/148115fcc40f1651a5d15fa34c9a8c528e7147bb | |
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16178 | |
[debian-lts-announce] 20191109 [SECURITY] [DLA 1984-1] gdal security update | |
openSUSE-SU-2019:2466 | |
N/A | |
[debian-lts-announce] 20220112 [SECURITY] [DLA 2877-1] gdal security update | |
[debian-lts-announce] 20220930 [SECURITY] [DLA 3129-1] gdal security update | |
FEDORA-2019-a6960910d8 | |
FEDORA-2019-f511b38b1f | |