CVE-2026-49014
Received - Intake
Stack-Based Buffer Overflow in GDAL NetCDF Driver

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: MITRE

Description
In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry attribute in a crafted NetCDF file. This achieves arbitrary code execution on the server running GDAL. This is in frmts/netcdf/netcdfsg.cpp.
Meta Information
Published: 2026-05-27
Last Modified: 2026-05-27
Generated: 2026-05-27
AI Q&A: 2026-05-27
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
osgeo | gdal | From 3.1.0 (inc) to 3.13.0 (inc)
CWE
CWE ID | Description
CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a stack-based buffer overflow in the GDAL library's netCDF driver, specifically in the function scanForGeometryContainers within the netcdfsg.cpp file.

The issue occurs because the function reads a geometry attribute into a fixed-size stack buffer without checking the length of the attribute first.

An attacker can exploit this by embedding an oversized geometry attribute in a specially crafted NetCDF file, which can cause arbitrary code execution on the server running GDAL.


How can this vulnerability impact me?

This vulnerability can allow an attacker to execute arbitrary code on the server that processes NetCDF files using the vulnerable GDAL versions.

Such arbitrary code execution can lead to full compromise of the affected system, including data theft, data corruption, or disruption of services.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by identifying the presence of vulnerable GDAL versions (3.1.0 through 3.13.0) on your system, especially if the netCDF driver is used.

Since the exploit involves processing crafted NetCDF files with oversized geometry attributes, monitoring or scanning for suspicious NetCDF files being processed or transferred may help detect exploitation attempts.

There is no specific detection command provided, but you can check the installed GDAL version with the following command:

  • gdalinfo --version

Additionally, monitoring logs for crashes or unusual behavior in applications using GDAL's netCDF driver may indicate exploitation attempts.
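
The version check described above can be scripted for inventory runs. The following is an added example, not part of the original record or of GDAL: it parses the `gdalinfo --version` banner and compares it with the affected range given on this page. The function names, the status labels and the sample banners used to exercise it are assumptions made for the example.

```shell
#!/bin/sh
# Added example: compare a `gdalinfo --version` banner with the affected range
# stated on this page (GDAL 3.1.0 through 3.13.0, both ends inclusive).

# Pull "MAJOR.MINOR.PATCH" out of a banner such as
# "GDAL 3.8.4, released 2024/02/08" (sample banners here are constructed).
gdal_version_from_text() {
    printf '%s\n' "$1" |
        sed -n 's/^GDAL \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Print "affected", "outside-range" or "unknown" for a banner string.
# The function name and the three labels are hypothetical, chosen for this example.
gdal_cve_2026_49014_status() {
    ver=$(gdal_version_from_text "$1")
    if [ -z "$ver" ]; then
        echo "unknown"      # banner not recognised: do not assume the host is safe
        return 0
    fi
    # Numeric comparison per component, so 3.13.0 sorts after 3.9.0.
    echo "$ver" | awk -F. '{
        key = $1 * 1000000 + $2 * 1000 + $3
        if (key >= 3001000 && key <= 3013000) print "affected"
        else print "outside-range"
    }'
}

# Check the local installation when gdalinfo is on PATH.
if command -v gdalinfo >/dev/null 2>&1; then
    banner=$(gdalinfo --version 2>/dev/null || true)
    echo "$banner -> $(gdal_cve_2026_49014_status "$banner")"
fi
```

A distribution build that carries a backported patch can still report a version inside the range, so an "affected" result is a prompt to check the package changelog, not a final verdict.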


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to update GDAL to a version where the vulnerability is fixed.

The fix involves using the helper function that validates attribute lengths with nc_inq_attlen() before reading them, preventing the stack-based buffer overflow.

If updating is not immediately possible, avoid processing untrusted or crafted NetCDF files that could contain oversized geometry attributes.

Also, consider applying any patches provided by your OS or GDAL maintainers that address this issue.

