CVE-2025-29480

Publication date 7 April 2025

Last updated 16 January 2026

Ubuntu priority

Cvss 3 Severity Score

Description

Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. NOTE: the Supplier indicates that the report is invalid and could not be reproduced.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
gdal	25.10 questing	Ignored vulnerabilty has been disputed by upstream maintainers
	25.04 plucky	Ignored end of life, was ignored [vulnerabilty has been disputed by upstream maintainers]
	24.10 oracular	Ignored end of life, was needs-triage
	24.04 LTS noble	Ignored vulnerabilty has been disputed by upstream maintainers
	22.04 LTS jammy	Ignored vulnerabilty has been disputed by upstream maintainers
	20.04 LTS focal	Ignored end of standard support, was needs-triage
	18.04 LTS bionic	Ignored vulnerabilty has been disputed by upstream maintainers
	16.04 LTS xenial	Ignored end of ESM support, was ignored [vulnerabilty has been disputed by upstream maintainers]
	14.04 LTS trusty	Ignored vulnerabilty has been disputed by upstream maintainers

Notes

shishirsub10

Upstream were unable to reproduce the vulnerability, and the line numbers stated in the PoC does not match the relevant line numbers in upstream.

Severity score breakdown

CVSS version: CVSS v3.0

Base score 5.5 · Medium

Base metrics

Parameter	Value
Attack vector	Local
Attack complexity	Low
Privileges required	Low
User interaction	None
Scope	Unchanged
Confidentiality impact	None
Integrity impact	None
Availability impact	High

Scores

Parameter	Value
Base score	5.5 · Medium
Exploitability score	-
Impact score	-

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H