{"id":"PYSEC-2025-117","details":"Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. NOTE: the Supplier indicates that the report is invalid and could not be reproduced.","aliases":["BIT-gdal-2025-29480","CVE-2025-29480"],"modified":"2026-05-21T15:00:12.834601374Z","published":"2025-04-07T20:15:20.607Z","references":[{"type":"REPORT","url":"https://github.com/OSGeo/gdal/issues/12188#issuecomment-2847873794"},{"type":"EVIDENCE","url":"https://github.com/lmarch2/poc/blob/main/gdal/gdal.md"}],"affected":[{"package":{"name":"gdal","ecosystem":"PyPI","purl":"pkg:pypi/gdal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"3.10.2-NA"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/gdal/PYSEC-2025-117.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}