Double Free
CVE-2019-17545
Summary
GDAL through 3.0.1 has a poolDestroy double free in "OGRExpatRealloc" in "ogr/ogr_expat.cpp" when the 10MB threshold is exceeded.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- HIGH
- HIGH
CWE-415 - Double Free
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
References
Advisory Timeline
- Published
