{"id":"PYSEC-2019-241","details":"GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.","aliases":["CVE-2019-17545"],"modified":"2023-11-13T19:58:32.162702Z","published":"2019-10-14T02:15:00Z","references":[{"type":"FIX","url":"https://github.com/OSGeo/gdal/commit/148115fcc40f1651a5d15fa34c9a8c528e7147bb"},{"type":"WEB","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16178"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00005.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00022.html"},{"type":"WEB","url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2022/01/msg00004.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00040.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVRC3EBQBFBVQC26XJE3AI3KQXC2NGTP/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CB7RRPCQP253XA5MYUOLHLRPKNGKVZNT/"}],"affected":[{"package":{"name":"gdal","ecosystem":"PyPI","purl":"pkg:pypi/gdal"},"ranges":[{"type":"GIT","repo":"https://github.com/OSGeo/gdal","events":[{"introduced":"0"},{"fixed":"148115fcc40f1651a5d15fa34c9a8c528e7147bb"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.0.2"}]}],"versions":["1.10.0","1.11.0","1.11.1","1.11.2","1.5.0","1.5.2","1.6.0","1.6.1","1.7.0","1.7.1","1.8.1","1.9.0","1.9.1","2.0.0","2.0.1","2.1.0","2.1.3","2.2.0","2.2.1","2.2.2","2.2.3","2.2.4","2.3.0","2.3.1","2.3.2","2.3.3","2.4.0","2.4.2","2.4.3","2.4.4","3.0.0","3.0.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/gdal/PYSEC-2019-241.yaml"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}