Out-of-bounds read in Django - CVE-2026-53877
Published: July 7, 2026
Django
Detailed vulnerability description
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to a heap-based buffer overflow in django.contrib.gis.gdal.GDALRaster vsi_buffer handling when parsing a bytes object representing a raster file. A local user can supply a crafted raster bytes object to disclose sensitive information.
Only rasters stored in GDAL's virtual filesystem are affected, and the issue may also cause a segmentation fault in rare cases.