Executive Summary

CVE-2026-33147 is a stack-based buffer overflow vulnerability in the Generic Mapping Tools (GMT) software, specifically in the function gmt_remote_dataset_id within the source file src/gmt_remote.c.

The vulnerability occurs because the code uses an unsafe string copy operation (strcpy) to copy a dataset identifier string into a fixed-size stack buffer without checking the length of the input. If a specially crafted long string is provided, it can overflow the buffer.

This overflow can cause the program to crash or potentially allow an attacker to execute arbitrary code by overwriting the stack frame, including the return address.

The issue was fixed by replacing the unsafe strcpy call with a bounded copy using strncpy and explicitly null-terminating the buffer to prevent overflow.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can impact users or applications that use GMT, especially through its C API or higher-level interfaces like PyGMT, when processing untrusted dataset names.

• It can cause the GMT program to crash, resulting in Denial of Service.
• In certain environments, it may allow an attacker to execute arbitrary code, potentially compromising system integrity.
• The vulnerability has a high severity score (CVSS 7.3) with low attack complexity and requires no privileges or user interaction.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for crashes or abnormal behavior in GMT when processing dataset identifiers, especially those passed via the which module or the C API.'}, {'type': 'paragraph', 'content': 'A proof-of-concept exploit was demonstrated using a Python script with the PyGMT library that sends a specially crafted long string (e.g., 4096 "A" characters followed by fake return addresses) to trigger the buffer overflow.'}, {'type': 'paragraph', 'content': 'Using AddressSanitizer (ASan) during testing can help detect stack buffer overflow conditions in the gmt_remote_dataset_id function.'}, {'type': 'paragraph', 'content': "Suggested commands include running tests with ASan enabled or using a Python script to pass an overly long dataset identifier string to GMT's which module or C API to observe if a crash or memory error occurs."}] [2]

Useful 0 Not Useful 0

Mitigation Strategies

[{'type': 'paragraph', 'content': 'The immediate mitigation step is to update GMT to a version that includes the patch fixing this vulnerability.'}, {'type': 'paragraph', 'content': 'The vulnerability was patched by replacing unsafe strcpy calls with bounded strncpy calls and explicit null-termination to prevent buffer overflow.'}, {'type': 'paragraph', 'content': "Until an updated version is available, avoid processing untrusted or specially crafted long dataset identifier strings via GMT's which module or C API."}, {'type': 'paragraph', 'content': 'Additionally, consider running GMT in a controlled environment with memory safety tools like AddressSanitizer to detect potential exploitation attempts.'}] [1, 2]

Useful 0 Not Useful 0