netCDF in GDAL 2.4.2 up to and including 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and netCDFDataset::~netCDFDataset).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
osgeo gdal |