Nixpkgs security tracker

Login with GitHub

Suggestion detail

Untriaged

Permalink CVE-2026-4738

updated 1 month, 3 weeks ago by @jopejoe1 Activity log

Created suggestion 2 months ago
@jopejoe1 ignored
3 packages
- ocamlPackages.gdal
- haskellPackages.hgdal
- ocamlPackages_latest.gdal
1 month, 3 weeks ago

GDAL Bundled zlib (inftree9.c) Pointer Offset Optimization Undefined Behavior Allows Heap Corruption or Remote Code Execution

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal (frmts/zlib/contrib/infback9 modules). This vulnerability is associated with program files inftree9.C‎. This issue affects gdal: before 3.11.0.

References

https://github.com/OSGeo/gdal/pull/12244 patch

Affected products

gdal

<3.11.0

Matching in nixpkgs

pkgs.gdal

Translator library for raster geospatial data formats

nixos-unstable 3.12.2
- nixpkgs-unstable 3.12.2
- nixos-unstable-small 3.12.3
nixos-25.11 3.11.4
- nixos-25.11-small 3.11.4
- nixpkgs-25.11-darwin 3.11.4

pkgs.gdalMinimal

Translator library for raster geospatial data formats

nixos-unstable 3.12.2
- nixpkgs-unstable 3.12.2
- nixos-unstable-small 3.12.3
nixos-25.11 3.11.4
- nixos-25.11-small 3.11.4
- nixpkgs-25.11-darwin 3.11.4

pkgs.python312Packages.gdal

Translator library for raster geospatial data formats

nixos-25.11 3.11.4
- nixos-25.11-small 3.11.4
- nixpkgs-25.11-darwin 3.11.4

pkgs.python313Packages.gdal

Translator library for raster geospatial data formats

nixos-unstable 3.12.2
- nixpkgs-unstable 3.12.2
- nixos-unstable-small 3.12.3
nixos-25.11 3.11.4
- nixos-25.11-small 3.11.4
- nixpkgs-25.11-darwin 3.11.4

pkgs.python314Packages.gdal

Translator library for raster geospatial data formats

nixos-unstable 3.12.2
- nixpkgs-unstable 3.12.2
- nixos-unstable-small 3.12.3

Ignored packages (3)

pkgs.ocamlPackages.gdal

OCaml GDAL and OGR bindings

nixos-unstable 0.11.0
- nixpkgs-unstable 0.11.0
- nixos-unstable-small 0.11.0
nixos-25.11 0.11.0
- nixos-25.11-small 0.11.0
- nixpkgs-25.11-darwin 0.11.0

pkgs.haskellPackages.hgdal

Haskell binding to the GDAL library

nixos-unstable 1.0.0.1
- nixpkgs-unstable 1.0.0.1
- nixos-unstable-small 1.0.0.1
nixos-25.11 1.0.0.1
- nixos-25.11-small 1.0.0.1
- nixpkgs-25.11-darwin 1.0.0.1

pkgs.ocamlPackages_latest.gdal

OCaml GDAL and OGR bindings

nixos-unstable 0.11.0
- nixpkgs-unstable 0.11.0
- nixos-unstable-small 0.11.0

Package maintainers

@l0b0 Victor Engmark <victor@engmark.name>
@nialov Nikolas Ovaskainen <nikolasovaskainen@gmail.com>
@sikmir Nikolay Korotkiy <sikmir@disroot.org>
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
@autra Augustin Trancart <augustin.trancart@gmail.com>
@imincik Ivan Mincik <ivan.mincik@gmail.com>
@nh2 Niklas Hambüchen <mail@nh2.me>
@willcohen Will Cohen
@MarcWeber Marc Weber <marco-oweber@gmx.de>