gdal@2.4.2 vulnerabilities

GDAL: Geospatial Data Abstraction Library

Known vulnerabilities in the gdal package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
M Denial of Service (DoS) GDAL is a number of tools for programming and manipulating the GDAL Geospatial Data Abstraction Library. Affected versions of this package are vulnerable to Denial of Service (DoS) when processing an index `.idx` file with sub-messages with GRIB2 files. How to fix Denial of Service (DoS)? Upgrade `GDAL` to version 3.6.0 or higher.	[,3.6.0)
H Out-of-bounds Read GDAL is a number of tools for programming and manipulating the GDAL Geospatial Data Abstraction Library. Affected versions of this package are vulnerable to Out-of-bounds Read due to an insecure memory allocation in the `CPLRecodeFromWCharIconV` function. How to fix Out-of-bounds Read? Upgrade `GDAL` to version 3.4.3 or higher.	[,3.4.3)
M Denial of Service (DoS) GDAL is a number of tools for programming and manipulating the GDAL Geospatial Data Abstraction Library. Affected versions of this package are vulnerable to Denial of Service (DoS) via the `OverviewScan` function. How to fix Denial of Service (DoS)? Upgrade `GDAL` to version 3.1.0 or higher.	[,3.1.0)
H Double Free GDAL is a number of tools for programming and manipulating the GDAL Geospatial Data Abstraction Library. Affected versions of this package are vulnerable to Double Free. A poolDestroy double free in `OGRExpatRealloc` in `ogr/ogr_expat.cpp` can be exploited when the 10MB threshold is exceeded. How to fix Double Free? Upgrade `GDAL` to version 3.0.2 or higher.	[,3.0.2)