{"id":"CVE-2025-29480","details":"Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. NOTE: the Supplier indicates that the report is invalid and could not be reproduced.","aliases":["BIT-gdal-2025-29480"],"modified":"2026-04-10T05:25:20.722045Z","published":"2025-04-07T20:15:20.607Z","references":[{"type":"REPORT","url":"https://github.com/OSGeo/gdal/issues/12188#issuecomment-2847873794"},{"type":"EVIDENCE","url":"https://github.com/lmarch2/poc/blob/main/gdal/gdal.md"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/osgeo/gdal","events":[{"introduced":"0"},{"last_affected":"e31053b64d9db2e0dc6f8eec0982908a2087eedf"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.10.2-NA"}]}}],"versions":["2.4.4","3.0.3","v2.3.0beta1","v2.4.0","v3.1.0RC1","v3.10.0","v3.10.0RC1","v3.10.0RC2","v3.10.0RC3","v3.10.0beta1","v3.10.1","v3.10.1RC1","v3.10.1RC2","v3.10.2","v3.10.2RC1","v3.3.0","v3.3.0RC1","v3.3.0beta1","v3.5.0RC1","v3.6.0RC1","v3.8.0RC1","v3.8.0beta1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-29480.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}