HIGH
GDAL
CVE published 2026-05-27
CVE-2026-49014
A stack-based buffer overflow vulnerability exists in the GDAL netCDF driver affecting versions 3.1.0 through 3.13.0. The flaw resides in the `scanForGeometryContainers` function within `frmts/netcdf/netcdfsg.cpp`, where a geometry attribute is read into a fixed-size stack buffer without length validation. An attacker can achieve arbitrary code execution by embedding an oversized geometry attribute in a c [truncated]