CVE-2026-4738

UNKNOWN 0.0

GDAL Bundled zlib (inftree9.c) Pointer Offset Optimization Undefined Behavior Allows Heap Corruption or Remote Code Execution

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

13th

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal (frmts/zlib/contrib/infback9 modules). This vulnerability is associated with program files inftree9.C‎. This issue affects gdal: before 3.11.0.

CWE	CWE-119
Vendor	osgeo
Product	gdal
Published	Mar 24, 2026
Last Updated	Mar 24, 2026

Stay Ahead of the Next One

Get instant alerts for osgeo gdal

Be the first to know when new unknown vulnerabilities affecting osgeo gdal are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

OSGeo / gdal

0 < 3.11.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/OSGeo/gdal/pull/12244

Credits

🔍 TITAN Team ([email protected])