CVE-2026-4738

Publication date 24 March 2026

Last updated 23 April 2026

Ubuntu priority

Description

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal (frmts/zlib/contrib/infback9 modules). This vulnerability is associated with program files inftree9.C. This issue affects gdal: before 3.11.0.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
gdal	26.04 LTS resolute	Not affected
	25.10 questing	Vulnerable
	24.04 LTS noble	Vulnerable
	22.04 LTS jammy	Vulnerable
	20.04 LTS focal	Vulnerable
	18.04 LTS bionic	Vulnerable
	16.04 LTS xenial	Vulnerable
	14.04 LTS trusty	Vulnerable

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2026-4738
https://github.com/OSGeo/gdal/pull/12244

CVE-2026-4738

Description

Status

References

Other references

Access our resources on patching vulnerabilities