CVE-2026-33147

HIGH

GMT <= 6.6.0 - Stack Buffer Overflow in gmt_remote_dataset_id

Title source: manual

Description

GMT is an open source collection of command-line tools for manipulating geographic and Cartesian data sets. In versions from 6.6.0 and prior, a stack-based buffer overflow vulnerability was identified in the gmt_remote_dataset_id function within src/gmt_remote.c. This issue occurs when a specially crafted long string is passed as a dataset identifier (e.g., via the which module), leading to a crash or potential arbitrary code execution. This issue has been patched via commit 0ad2b49.

Exploits (1)

nomisec WORKING POC
by redyank · poc
https://github.com/redyank/CVE-2026-33147

References (2)

Scores

CVSS v3 7.3
EPSS 0.0001
EPSS Percentile 2.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Details

CWE
CWE-121
Status published
Products (2)
generic-mapping-tools/gmt < 6.6.0
GenericMappingTools/gmt <= 6.6.0
Published Mar 20, 2026
Tracked Since Mar 21, 2026