
CVE-2026-33147: CWE-121: Stack-based Buffer Overflow in GenericMappingTools gmt

Severity: High
Published: Fri Mar 20 2026 (03/20/2026, 20:10:28 UTC)
Source: CVE Database V5
Vendor/Project: GenericMappingTools
Product: gmt

Description

GMT is an open source collection of command-line tools for manipulating geographic and Cartesian data sets. In versions 6.6.0 and prior, a stack-based buffer overflow vulnerability was identified in the gmt_remote_dataset_id function within src/gmt_remote.c. This issue occurs when a specially crafted long string is passed as a dataset identifier (e.g., via the which module), leading to a crash or potential arbitrary code execution. This issue has been patched via commit 0ad2b49.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 03/27/2026, 22:38:07 UTC

Technical Analysis

GenericMappingTools (GMT) is an open-source suite of command-line utilities used for processing geographic and Cartesian data sets. In versions 6.6.0 and earlier, a stack-based buffer overflow vulnerability (CWE-121) exists in the gmt_remote_dataset_id function located in src/gmt_remote.c. This vulnerability is triggered when a specially crafted, excessively long string is supplied as a dataset identifier, such as through the 'which' module. The overflow occurs on the stack, potentially overwriting control data, which can lead to a program crash or enable an attacker to execute arbitrary code with the privileges of the GMT process. The vulnerability does not require user interaction or prior authentication but does require local access to the system where GMT is installed. The CVSS 3.1 base score is 7.3, reflecting high severity due to the potential for code execution and denial of service. The issue was addressed and patched in a commit identified as 0ad2b49. No known exploits are currently reported in the wild, but the risk remains for unpatched systems. GMT is commonly used in scientific, governmental, and commercial environments for geospatial data analysis, making this vulnerability relevant to those sectors.

Potential Impact

The vulnerability can lead to a denial of service via application crashes or, more critically, arbitrary code execution, which compromises system integrity and confidentiality. Attackers exploiting this flaw could execute malicious code with the same privileges as the GMT process, potentially leading to further system compromise or lateral movement within a network. Organizations relying on GMT for geographic data processing, including research institutions, government agencies, and private sector companies in mapping, environmental monitoring, and defense, face risks of data corruption, service disruption, and unauthorized access. Since exploitation requires local access, insider threats or attackers who have gained initial footholds could leverage this vulnerability to escalate privileges or maintain persistence. The lack of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially as proof-of-concept code could emerge post-disclosure.

Mitigation Recommendations

1. Immediately upgrade GMT installations to versions later than 6.6.0 where the vulnerability is patched.
2. Audit all systems to identify where GMT is installed and used, including automated scripts and pipelines that may invoke GMT commands.
3. Restrict local access to systems running GMT to trusted users only, minimizing the risk of exploitation by unauthorized personnel.
4. Employ application whitelisting and runtime protections such as stack canaries and address space layout randomization (ASLR) to reduce the risk of successful exploitation.
5. Monitor system logs and application behavior for unusual crashes or anomalies that could indicate attempted exploitation.
6. For environments where immediate patching is not feasible, consider isolating GMT usage in sandboxed or containerized environments to limit potential damage.
7. Educate system administrators and users about the risks and ensure secure handling of dataset identifiers to avoid passing untrusted input to GMT commands.
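One way to carry out steps 1 and 2 on a single host, as an added example that is not part of the original advisory: it finds every `gmt` executable on `PATH` and flags versions in the affected range (6.6.0 and earlier). It assumes `gmt --version` prints the version string; the function names `gmt_status` and `audit_gmt_on_path` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): flag GMT installs at or below 6.6.0,
# the range the advisory lists as affected.

# Print AFFECTED, ok, or UNKNOWN for a version string such as "6.6.0".
gmt_status() {
    # Keep the leading X.Y.Z; any build suffix after it is ignored (assumption).
    core=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9]\{1,\}\.[0-9]\{1,\}\.[0-9]\{1,\}\).*/\1/p')
    if [ -z "$core" ]; then echo UNKNOWN; return 0; fi
    major=${core%%.*}; rest=${core#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    if [ "$major" -lt 6 ] ||
       { [ "$major" -eq 6 ] && [ "$minor" -lt 6 ]; } ||
       { [ "$major" -eq 6 ] && [ "$minor" -eq 6 ] && [ "$patch" -eq 0 ]; }; then
        echo AFFECTED
    else
        echo ok
    fi
}

# Check every executable named "gmt" on PATH.
# Returns 1 if any copy is AFFECTED or its version cannot be read.
audit_gmt_on_path() {
    rc=0
    old_ifs=$IFS
    IFS=:
    for dir in $PATH; do
        IFS=$old_ifs
        bin="${dir:-.}/gmt"
        { [ -x "$bin" ] && [ ! -d "$bin" ]; } || continue
        ver=$("$bin" --version 2>/dev/null) || ver=
        st=$(gmt_status "$ver")
        printf '%s\t%s\t%s\n' "$st" "${ver:-?}" "$bin"
        [ "$st" = ok ] || rc=1
    done
    IFS=$old_ifs
    return "$rc"
}

audit_gmt_on_path || echo "review the entries above: upgrade past 6.6.0" >&2
```

A source build that already contains commit 0ad2b49 may still report 6.6.0, so treat an AFFECTED line as a prompt to check how that binary was built. Copies installed outside `PATH` (containers, conda environments, pipeline images) need the same check run inside them.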


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2026-03-17T21:17:08.884Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 69bdacf5e32a4fbe5fcbbe12

Added to database: 3/20/2026, 8:24:21 PM

Last enriched: 3/27/2026, 10:38:07 PM

Last updated: 5/4/2026, 2:02:42 PM
