CVE-2025-29480: 
NixOS vulnerability analysis and mitigation

A Buffer Overflow vulnerability was discovered in gdal version 3.10.2, identified as CVE-2025-29480. The vulnerability was disclosed on April 7, 2025, and affects the OGRSpatialReference::Release function. This security issue allows a local attacker to cause a denial of service condition (NVD).

The vulnerability is a use-after-free issue in the OGRSpatialReference::Release function (ogrspatialreference.cpp line 906). It occurs when handling cloned spatial reference objects during vector translation operations, where a prematurely freed OGRSpatialReference::Private instance is accessed during layer cleanup. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The issue is classified as CWE-120 (Buffer Copy without Checking Size of Input) (GITHUB-POC, NVD).

The exploitation of this vulnerability can lead to a denial of service condition, primarily affecting the availability of the system. The vulnerability requires local access and can be triggered through vector translation operations (NVD).

As of the latest reports, the vulnerability remains unfixed in version 3.10.2. Users are advised to monitor for updates and implement access controls to restrict local access to the affected functionality (DEBIAN-TRACKER).