Description
An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16.
`django.contrib.gis.gdal.GDALRaster` over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory or cause service degradation via a potential segmentation fault when the `vsi_buffer` property is accessed.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Bence Nagy for reporting this issue.
Published: 2026-07-07
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An over-read occurs in the GDALRaster constructor when initialized with a raw bytes object, allowing adjacent memory to be read; this can leak sensitive data or cause a segmentation fault when the vsi_buffer property is accessed. The flaw is a classic buffer over-read (CWE‑805) that threatens application confidentiality by exposing memory contents and reliability by potentially destabilizing the process.

Affected Systems

The vulnerability affects Django 5.2 releases before 5.2.16 and Django 6.0 releases before 6.0.7. Earlier series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated but may also be impacted.

Risk and Exploitability

The CVSS score of 6.3 indicates a medium severity. EPSS information is not available and the flaw is not listed in the CISA KEV catalog. The likely attack vector is inferred to be a remote request that supplies untrusted GIS byte data to the application; crafting the malicious buffer would be required, implying that an attacker could exploit this flaw if the application processes external GIS inputs without proper validation.

Generated by OpenCVE AI on July 8, 2026 at 09:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Django 5.2.16, 6.0.7, or later releases that contain the fix for the GDALRaster buffer over-read.
  • Validate or sanitize any user‑supplied GIS byte data before passing it to GDALRaster; enforce structure and size limits to prevent crafting of malicious buffers.
  • If an immediate upgrade is not possible, restrict access to endpoints that process GIS byte data, impose strict input size limits, and monitor application logs for segmentation faults or memory access violations to detect potential exploitation attempts.

Generated by OpenCVE AI on July 8, 2026 at 09:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Jul 2026 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Djangoproject
Djangoproject django
Vendors & Products Djangoproject
Djangoproject django

Tue, 07 Jul 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 07 Jul 2026 15:00:00 +0000

Type Values Removed Values Added
Description An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `django.contrib.gis.gdal.GDALRaster` over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory or cause service degradation via a potential segmentation fault when the `vsi_buffer` property is accessed. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Bence Nagy for reporting this issue.
Title Heap buffer over-read in GDALRaster
Weaknesses CWE-805
References
Metrics cvssV3_1

{'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L'}

cvssV4_0

{'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N'}


Subscriptions

Djangoproject Django
cve-icon MITRE

Status: PUBLISHED

Assigner: DSF

Published:

Updated: 2026-07-07T14:59:07.106Z

Reserved: 2026-06-11T01:11:27.545Z

Link: CVE-2026-53877

cve-icon Vulnrichment

Updated: 2026-07-07T14:59:02.364Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-08T09:15:03Z

Weaknesses
  • CWE-805

    Buffer Access with Incorrect Length Value