Vulnerability Description
GMT is an open source collection of command-line tools for manipulating geographic and Cartesian data sets. In versions from 6.6.0 and prior, a stack-based buffer overflow vulnerability was identified in the gmt_remote_dataset_id function within src/gmt_remote.c. This issue occurs when a specially crafted long string is passed as a dataset identifier (e.g., via the which module), leading to a crash or potential arbitrary code execution. This issue has been patched via commit 0ad2b49.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Generic-Mapping-Tools | Gmt | <= 6.6.0 |
Related Weaknesses (CWE)
References
- https://github.com/GenericMappingTools/gmt/commit/0ad2b491470df82c9ec1139dcbd705Patch
- https://github.com/GenericMappingTools/gmt/security/advisories/GHSA-fqxx-62x7-9gExploitVendor Advisory
- https://github.com/GenericMappingTools/gmt/security/advisories/GHSA-fqxx-62x7-9gExploitVendor Advisory
FAQ
What is CVE-2026-33147?
CVE-2026-33147 is a vulnerability with a CVSS score of 7.3 (HIGH). GMT is an open source collection of command-line tools for manipulating geographic and Cartesian data sets. In versions from 6.6.0 and prior, a stack-based buffer overflow vulnerability was identified...
How severe is CVE-2026-33147?
CVE-2026-33147 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-33147?
Check the references section above for vendor advisories and patch information. Affected products include: Generic-Mapping-Tools Gmt.