[gdal-dev] Are ogr_geojson/libjson vulnerable to json-c CVEs?

2021-07-28 Thread Matvei Stefarov via gdal-dev
Hello! I am new to the list; I hope that this is the right place to ask. GDAL's geojson driver uses libjson, which is a fork of json-c 0.11. There have been a couple of security vulnerabilities patched in json-c since version 0.11. These vulnerabilities are: - CVE-2013-6370 (buffer overflow if

Re: [gdal-dev] Are ogr_geojson/libjson vulnerable to json-c CVEs?

2021-07-28 Thread Even Rouault
Matvei, hard to say if the use of json-c 0.11 by GDAL triggers those vulnerabilities, but you should assume they might be hit. I've filed https://github.com/OSGeo/gdal/issues/4143 about that. But you should be able to build GDAL against any recent external json-c. The internal copy has mostly changes