2449772 – (CVE-2026-33147) CVE-2026-33147 gmt: GMT: Stack-based Buffer Overflow in gmt_remote_dataset_id

Bug 2449772 (CVE-2026-33147) - CVE-2026-33147 gmt: GMT: Stack-based Buffer Overflow in gmt_remote_dataset_id

Summary: CVE-2026-33147 gmt: GMT: Stack-based Buffer Overflow in gmt_remote_dataset_id

Keywords:
Status:	NEW
Alias:	CVE-2026-33147
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2449794 2449796
Blocks:
TreeView+	depends on / blocked

Reported:	2026-03-20 21:01 UTC by OSIDB Bzimport
Modified:	2026-03-20 21:20 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-03-20 21:01:50 UTC

GMT is an open source collection of command-line tools for manipulating geographic and Cartesian data sets. In versions from 6.6.0 and prior, a stack-based buffer overflow vulnerability was identified in the gmt_remote_dataset_id function within src/gmt_remote.c. This issue occurs when a specially crafted long string is passed as a dataset identifier (e.g., via the which module), leading to a crash or potential arbitrary code execution. This issue has been patched via commit 0ad2b49.

Note You need to log in before you can comment on or make changes to this bug.