CVE-2026-49014
Analyzed Analyzed - Analysis Complete
Stack-Based Buffer Overflow in GDAL NetCDF Driver

Publication date: 2026-05-27

Last updated on: 2026-06-04

Assigner: MITRE

Description
In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry attribute in a crafted NetCDF file. This achieves arbitrary code execution on the server running GDAL. This is in frmts/netcdf/netcdfsg.cpp.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-06-04
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-49014
EUVD
EUVD-2026-32039
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
osgeo gdal From 3.1.0 (inc) to 3.13.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability allows arbitrary code execution on servers running GDAL due to a stack-based buffer overflow in the netCDF driver. This could lead to unauthorized access, data manipulation, or data breaches.

Such unauthorized access or data breaches can impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and maintaining system integrity.

Therefore, if exploited, this vulnerability could result in violations of these regulations due to potential exposure or compromise of protected data.

Executive Summary

This vulnerability is a stack-based buffer overflow in the GDAL library's netCDF driver, specifically in the function scanForGeometryContainers within the netcdfsg.cpp file.

The issue occurs because the function reads a geometry attribute into a fixed-size stack buffer without checking the length of the attribute first.

An attacker can exploit this by embedding an oversized geometry attribute in a specially crafted NetCDF file, which can cause arbitrary code execution on the server running GDAL.

Impact Analysis

This vulnerability can allow an attacker to execute arbitrary code on the server that processes NetCDF files using the vulnerable GDAL versions.

Such arbitrary code execution can lead to full compromise of the affected system, including data theft, data corruption, or disruption of services.

Detection Guidance

This vulnerability can be detected by identifying the presence of vulnerable GDAL versions (3.1.0 through 3.13.0) on your system, especially if the netCDF driver is used.

Since the exploit involves processing crafted NetCDF files with oversized geometry attributes, monitoring or scanning for suspicious NetCDF files being processed or transferred may help detect exploitation attempts.

There is no specific detection command provided, but you can check the installed GDAL version with the following command:

  • gdalinfo --version

Additionally, monitoring logs for crashes or unusual behavior in applications using GDAL's netCDF driver may indicate exploitation attempts.

Mitigation Strategies

The immediate mitigation step is to update GDAL to a version where the vulnerability is fixed.

The fix involves using the helper function that validates attribute lengths with nc_inq_attlen() before reading them, preventing the stack-based buffer overflow.

If updating is not immediately possible, avoid processing untrusted or crafted NetCDF files that could contain oversized geometry attributes.

Also, consider applying any patches provided by your OS or GDAL maintainers that address this issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-49014. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart