Description
In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry attribute in a crafted NetCDF file. This achieves arbitrary code execution on the server running GDAL. This is in frmts/netcdf/netcdfsg.cpp.
Published: 2026-05-27
Score: 7.4 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability originates from the netCDF driver’s scanForGeometryContainers function, which copies a geometry attribute into a fixed-size stack buffer without validating the size, enabling a stack-based buffer overflow. This weakness (CWE-121) permits an attacker to inject code by crafting an oversized geometry attribute, resulting in arbitrary code execution on the system running GDAL.

Affected Systems

GDAL 3.1.0 through 3.13.0, inclusive, are affected. These versions are susceptible to the overflow described above and are issued by the GDAL project.

Risk and Exploitability

With a CVSS score of 7.4 the vulnerability is high severity. EPSS data is unavailable, and the issue is not listed in the CISA KEV catalog, suggesting limited public exploitation yet retaining a significant risk if an attacker can supply a malicious NetCDF file to the target. The attack vector, inferred from the description, is that any process using GDAL to read NetCDF data could be hijacked by an attacker who can supply such a file.

Generated by OpenCVE AI on May 27, 2026 at 03:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade GDAL to version 3.14.0 or later to remove the vulnerable code path.
  • If an upgrade cannot be performed immediately, reject or sanitize untrusted NetCDF files and enforce strict access controls so only privileged users can provide input to GDAL.
  • Apply alternative input validation or bounds checking in custom code that processes NetCDF geometries to guard against overflow conditions.

Generated by OpenCVE AI on May 27, 2026 at 03:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://github.com/OSGeo/gdal/issues/14594 cve-icon cve-icon cve-icon
History

Wed, 27 May 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 27 May 2026 03:45:00 +0000

Type Values Removed Values Added
Title Stack-Based Buffer Overflow in GDAL NetCDF Driver Allows Arbitrary Code Execution

Wed, 27 May 2026 02:15:00 +0000

Type Values Removed Values Added
Description In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry attribute in a crafted NetCDF file. This achieves arbitrary code execution on the server running GDAL. This is in frmts/netcdf/netcdfsg.cpp.
First Time appeared Gdal
Gdal gdal
Weaknesses CWE-121
CPEs cpe:2.3:a:gdal:gdal:*:*:*:*:*:*:*:*
Vendors & Products Gdal
Gdal gdal
References
Metrics cvssV3_1

{'score': 7.4, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Gdal Gdal
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-27T13:52:05.905Z

Reserved: 2026-05-27T01:39:18.239Z

Link: CVE-2026-49014

cve-icon Vulnrichment

Updated: 2026-05-27T13:52:00.723Z

cve-icon NVD

Status : Received

Published: 2026-05-27T02:16:34.180

Modified: 2026-05-27T14:17:33.440

Link: CVE-2026-49014

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T03:30:06Z

Weaknesses