Fluid Attacks Database

Description

GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	gdal	>=0 <2.4.2+dfsg-2	2.4.2+dfsg-2
debian 13	gdal	>=0 <2.4.2+dfsg-2	2.4.2+dfsg-2
pypi	gdal	=1.10.0 \|\| =1.11.0 \|\| =1.11.1 \|\| =1.11.2 \|\| =1.5.0 \|\| =1.5.2 \|\| =1.6.0 \|\| =1.6.1 \|\| =1.7.0 \|\| =1.7.1 \|\| =1.8.1 \|\| =1.9.0 \|\| =1.9.1 \|\| =2.0.0 \|\| =2.0.1 \|\| =2.1.0 \|\| =2.1.3 \|\| =2.2.0 \|\| =2.2.1 \|\| =2.2.2 \|\| =2.2.3 \|\| =2.2.4 \|\| =2.3.0 \|\| =2.3.1 \|\| =2.3.2 \|\| =2.3.3 \|\| =2.4.0 \|\| =2.4.2 \|\| =2.4.3 \|\| =2.4.4 \|\| =3.0.0 \|\| =3.0.1 \|\| >=0 <3.0.2	3.0.2
debian 14	gdal	>=0 <2.4.2+dfsg-2	2.4.2+dfsg-2
debian 11	gdal	>=0 <2.4.2+dfsg-2	2.4.2+dfsg-2

Aliases

References

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.