CVE-2019-17545

Опубликовано: 14 окт. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00022.html
Mailing List
Patch
Third Party Advisory
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16178
Issue Tracking
Third Party Advisory
https://github.com/OSGeo/gdal/commit/148115fcc40f1651a5d15fa34c9a8c528e7147bb
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/11/msg00005.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/01/msg00004.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/09/msg00040.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CB7RRPCQP253XA5MYUOLHLRPKNGKVZNT/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVRC3EBQBFBVQC26XJE3AI3KQXC2NGTP/
https://www.oracle.com//security-alerts/cpujul2021.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00022.html
Mailing List
Patch
Third Party Advisory
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16178
Issue Tracking
Third Party Advisory
https://github.com/OSGeo/gdal/commit/148115fcc40f1651a5d15fa34c9a8c528e7147bb
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/11/msg00005.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/01/msg00004.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/09/msg00040.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CB7RRPCQP253XA5MYUOLHLRPKNGKVZNT/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVRC3EBQBFBVQC26XJE3AI3KQXC2NGTP/
https://www.oracle.com//security-alerts/cpujul2021.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*

Версия до 3.0.1 (включая)

Конфигурация 2

Одно из

cpe:2.3:a:oracle:spatial_and_graph:12.2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:spatial_and_graph:19c:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

Конфигурация 5

Одно из

cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

EPSS

Процентиль: 84%

0.02245

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-415

Связанные уязвимости

CVE-2019-17545

CVSS3: 9.8

ubuntu

больше 6 лет назад

GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.

CVE-2019-17545

CVSS3: 9.8

debian

больше 6 лет назад

GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ...

openSUSE-SU-2019:2466-1

suse-cvrf

около 6 лет назад

Security update for gdal

GHSA-f6m2-5v5j-rhf2

CVSS3: 9.8

github

больше 3 лет назад

GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.

BDU:2022-03342

CVSS3: 9.8

fstec

больше 6 лет назад

Уязвимость функции OGRExpatRealloc файла ogr/ogr_expat.cpp. библиотеки-транслятора для геопространственных данных GDAL, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

EPSS

Процентиль: 84%

0.02245

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-415