Impact
An over-read occurs in the GDALRaster constructor when initialized with a raw bytes object, allowing adjacent memory to be read; this can leak sensitive data or cause a segmentation fault when the vsi_buffer property is accessed. The flaw is a classic buffer over-read (CWE‑805) that threatens application confidentiality by exposing memory contents and reliability by potentially destabilizing the process.
Affected Systems
The vulnerability affects Django 5.2 releases before 5.2.16 and Django 6.0 releases before 6.0.7. Earlier series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated but may also be impacted.
Risk and Exploitability
The CVSS score of 6.3 indicates a medium severity. EPSS information is not available and the flaw is not listed in the CISA KEV catalog. The likely attack vector is inferred to be a remote request that supplies untrusted GIS byte data to the application; crafting the malicious buffer would be required, implying that an attacker could exploit this flaw if the application processes external GIS inputs without proper validation.
OpenCVE Enrichment