#VU22614 Double Free in GDAL - CVE-2019-17545

Cybersecurity Help s.r.o.

Published: 2019-11-10

Vulnerability identifier: #VU22614

Vulnerability risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2019-17545

CWE-ID: CWE-415

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
GDAL
Universal components / Libraries / Libraries used by multiple products

Vendor: gdal.org

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the OGRExpatRealloc() function in ogr/ogr_expat.cpp. A remote attacker can pass a large amount of data to the application (more than 10M), trigger double free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

GDAL: 2.4.0 - 3.0.1

External links
https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00022.html
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16178
https://github.com/OSGeo/gdal/commit/148115fcc40f1651a5d15fa34c9a8c528e7147bb

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Oracle Database Server

Fedora 30 update for mingw-gdal

Fedora 31 update for mingw-cfitsio, mingw-gdal

OpenSUSE Linux update for gdal

Multiple vulnerabilities in GDAL