| Package | geographiclib |
|---|---|
| Version | 1.46-2+deb9u1 (stretch), 1.49-4+deb10u1 (buster) |
| Related CVEs | CVE-2025-60751 |
Geographiclib is a C++ library to solve geodesic problems. A stack buffer overflow occurs when the GeoConvert tool receives a crafted input. The overflow occurs because the program does not properly validate an internal index, allowing an out-of-bounds write on the stack. An attacker can exploit this vulnerability to hijack the program’s control flow by overwriting a return address to point to a libc function and execute arbitrary code.
For Debian 10 buster, these problems have been fixed in version 1.49-4+deb10u1.
For Debian 9 stretch, these problems have been fixed in version 1.46-2+deb9u1.
We recommend that you upgrade your geographiclib packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.