Register | Log in

rtklib

RTK and other advanced GNSS positioning techniques -- CLI

Choose email to subscribe with

general

source: rtklib (main)
version: 2.4.3.b34+dfsg-1
maintainer: Matteo F. Vescovi (DMD)
arch: all any
std-ver: 4.6.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.4.3+dfsg1-2.1
oldstable: 2.4.3.b34+dfsg-1
stable: 2.4.3.b34+dfsg-1
testing: 2.4.3.b34+dfsg-1
unstable: 2.4.3.b34+dfsg-1

versioned links

2.4.3+dfsg1-2.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.4.3.b34+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

librtklib-dev
librtklib1
rtklib
rtklib-doc
rtklib-qt

action needed

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

In debian/watch no matching files for watch source
  https://github.com/JensReimann/RTKLIB/tags

Created: 2025-11-27 Last update: 2026-06-29 19:03

4 security issues in trixie high

There are 4 open security issues in trixie.

4 important issues:

CVE-2026-56786: RTKLIB through 2.4.3 contains an out-of-bounds write vulnerability in decode_type1033 function that fails to clamp length counters to destination buffer size, allowing up to 191-byte overflow into fixed 64-byte descriptor fields. An attacker controlling an NTRIP or serial RTCM3 correction stream can craft a valid CRC-bearing type-1033 message to corrupt adjacent rtcm_t object members, potentially achieving arbitrary code execution or denial of service.
CVE-2026-56787: RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decode_ssr3 function at src/rtcm3.c:1446 that allows remote attackers to trigger a global buffer overflow via crafted RTCM3 SSR messages with attacker-controlled signal mode fields. Remote attackers can exploit this vulnerability by sending malicious SSR correction streams over NTRIP or serial connections to cause denial of service or crash RTKLIB rovers and CORS servers.
CVE-2026-56788: RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted RINEX files with unknown observation types cause negative array indexing into the codepris table, resulting in reliable crashes and potential memory disclosure of adjacent global data.
CVE-2026-56789: RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memory corruption by failing to clamp satellite count values from RINEX epoch headers. Attackers can craft malicious RINEX files declaring more than 64 satellites per epoch to cause heap buffer overflow writes and out-of-bounds stack reads, crashing RTKLIB-based applications including rnx2rtkp and RTKPOST.

Created: 2026-06-26 Last update: 2026-06-26 07:00

4 security issues in sid high

There are 4 open security issues in sid.

4 important issues:

CVE-2026-56786: RTKLIB through 2.4.3 contains an out-of-bounds write vulnerability in decode_type1033 function that fails to clamp length counters to destination buffer size, allowing up to 191-byte overflow into fixed 64-byte descriptor fields. An attacker controlling an NTRIP or serial RTCM3 correction stream can craft a valid CRC-bearing type-1033 message to corrupt adjacent rtcm_t object members, potentially achieving arbitrary code execution or denial of service.
CVE-2026-56787: RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decode_ssr3 function at src/rtcm3.c:1446 that allows remote attackers to trigger a global buffer overflow via crafted RTCM3 SSR messages with attacker-controlled signal mode fields. Remote attackers can exploit this vulnerability by sending malicious SSR correction streams over NTRIP or serial connections to cause denial of service or crash RTKLIB rovers and CORS servers.
CVE-2026-56788: RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted RINEX files with unknown observation types cause negative array indexing into the codepris table, resulting in reliable crashes and potential memory disclosure of adjacent global data.
CVE-2026-56789: RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memory corruption by failing to clamp satellite count values from RINEX epoch headers. Attackers can craft malicious RINEX files declaring more than 64 satellites per epoch to cause heap buffer overflow writes and out-of-bounds stack reads, crashing RTKLIB-based applications including rnx2rtkp and RTKPOST.

Created: 2026-06-26 Last update: 2026-06-26 07:00

4 security issues in forky high

There are 4 open security issues in forky.

4 important issues:

CVE-2026-56786: RTKLIB through 2.4.3 contains an out-of-bounds write vulnerability in decode_type1033 function that fails to clamp length counters to destination buffer size, allowing up to 191-byte overflow into fixed 64-byte descriptor fields. An attacker controlling an NTRIP or serial RTCM3 correction stream can craft a valid CRC-bearing type-1033 message to corrupt adjacent rtcm_t object members, potentially achieving arbitrary code execution or denial of service.
CVE-2026-56787: RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decode_ssr3 function at src/rtcm3.c:1446 that allows remote attackers to trigger a global buffer overflow via crafted RTCM3 SSR messages with attacker-controlled signal mode fields. Remote attackers can exploit this vulnerability by sending malicious SSR correction streams over NTRIP or serial connections to cause denial of service or crash RTKLIB rovers and CORS servers.
CVE-2026-56788: RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted RINEX files with unknown observation types cause negative array indexing into the codepris table, resulting in reliable crashes and potential memory disclosure of adjacent global data.
CVE-2026-56789: RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memory corruption by failing to clamp satellite count values from RINEX epoch headers. Attackers can craft malicious RINEX files declaring more than 64 satellites per epoch to cause heap buffer overflow writes and out-of-bounds stack reads, crashing RTKLIB-based applications including rnx2rtkp and RTKPOST.

Created: 2026-06-26 Last update: 2026-06-26 07:00

4 security issues in bullseye high

There are 4 open security issues in bullseye.

4 important issues:

CVE-2026-56786: RTKLIB through 2.4.3 contains an out-of-bounds write vulnerability in decode_type1033 function that fails to clamp length counters to destination buffer size, allowing up to 191-byte overflow into fixed 64-byte descriptor fields. An attacker controlling an NTRIP or serial RTCM3 correction stream can craft a valid CRC-bearing type-1033 message to corrupt adjacent rtcm_t object members, potentially achieving arbitrary code execution or denial of service.
CVE-2026-56787: RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decode_ssr3 function at src/rtcm3.c:1446 that allows remote attackers to trigger a global buffer overflow via crafted RTCM3 SSR messages with attacker-controlled signal mode fields. Remote attackers can exploit this vulnerability by sending malicious SSR correction streams over NTRIP or serial connections to cause denial of service or crash RTKLIB rovers and CORS servers.
CVE-2026-56788: RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted RINEX files with unknown observation types cause negative array indexing into the codepris table, resulting in reliable crashes and potential memory disclosure of adjacent global data.
CVE-2026-56789: RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memory corruption by failing to clamp satellite count values from RINEX epoch headers. Attackers can craft malicious RINEX files declaring more than 64 satellites per epoch to cause heap buffer overflow writes and out-of-bounds stack reads, crashing RTKLIB-based applications including rnx2rtkp and RTKPOST.

Created: 2026-06-26 Last update: 2026-06-26 07:00

4 security issues in bookworm high

There are 4 open security issues in bookworm.

4 important issues:

CVE-2026-56786: RTKLIB through 2.4.3 contains an out-of-bounds write vulnerability in decode_type1033 function that fails to clamp length counters to destination buffer size, allowing up to 191-byte overflow into fixed 64-byte descriptor fields. An attacker controlling an NTRIP or serial RTCM3 correction stream can craft a valid CRC-bearing type-1033 message to corrupt adjacent rtcm_t object members, potentially achieving arbitrary code execution or denial of service.
CVE-2026-56787: RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decode_ssr3 function at src/rtcm3.c:1446 that allows remote attackers to trigger a global buffer overflow via crafted RTCM3 SSR messages with attacker-controlled signal mode fields. Remote attackers can exploit this vulnerability by sending malicious SSR correction streams over NTRIP or serial connections to cause denial of service or crash RTKLIB rovers and CORS servers.
CVE-2026-56788: RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted RINEX files with unknown observation types cause negative array indexing into the codepris table, resulting in reliable crashes and potential memory disclosure of adjacent global data.
CVE-2026-56789: RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memory corruption by failing to clamp satellite count values from RINEX epoch headers. Attackers can craft malicious RINEX files declaring more than 64 satellites per epoch to cause heap buffer overflow writes and out-of-bounds stack reads, crashing RTKLIB-based applications including rnx2rtkp and RTKPOST.

Created: 2026-06-26 Last update: 2026-06-26 07:00

2 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit b01741e03e52fa39b6075cffbd6cdd802ed83e93
Merge: a4ae908 95b1e65
Author: Jelmer Vernooĳ <jelmer@debian.org>
Date:   Sun Oct 30 17:07:49 2022 +0000

    Merge branch 'multiarch-fixes' into 'master'
    
    Apply hints suggested by the multi-arch hinter
    
    See merge request debian/rtklib!1

commit 95b1e659bbad22bf13333d2e6778fb425884eef3
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Wed Oct 19 12:25:29 2022 +0000

    Apply multi-arch hints.
    + rtklib-doc: Add Multi-Arch: foreign.
    
    Changes-By: apply-multiarch-hints

Created: 2022-10-30 Last update: 2026-06-29 19:32

1 open merge request in Salsa normal

There is 1 open merge request for this package on Salsa. You should consider reviewing and/or merging these merge requests.

Created: 2025-08-19 Last update: 2025-08-19 06:28

Multiarch hinter reports 1 issue(s) low

There are issues with the multiarch metadata for this package.

rtklib-doc could be marked Multi-Arch: foreign

Created: 2018-01-24 Last update: 2026-06-29 21:30

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.6.0).

Created: 2022-05-11 Last update: 2026-03-31 15:01

news

[2021-10-11] rtklib 2.4.3.b34+dfsg-1 MIGRATED to testing (Debian testing watch)
[2021-10-05] Accepted rtklib 2.4.3.b34+dfsg-1 (source) into unstable (Matteo F. Vescovi)
[2021-09-23] rtklib 2.4.3.b33+dfsg-6 MIGRATED to testing (Debian testing watch)
[2021-09-17] Accepted rtklib 2.4.3.b33+dfsg-6 (source) into unstable (Matteo F. Vescovi)
[2021-08-23] rtklib 2.4.3.b33+dfsg-5 MIGRATED to testing (Debian testing watch)
[2021-08-17] Accepted rtklib 2.4.3.b33+dfsg-5 (source) into unstable (Matteo F. Vescovi)
[2021-05-09] Accepted rtklib 2.4.3.b33+dfsg-4 (source) into experimental (Matteo F. Vescovi)
[2021-05-06] Accepted rtklib 2.4.3.b33+dfsg-3 (source) into experimental (Matteo F. Vescovi)
[2021-05-05] Accepted rtklib 2.4.3.b33+dfsg-2 (source) into experimental (Matteo F. Vescovi)
[2021-05-04] Accepted rtklib 2.4.3.b33+dfsg-1 (source amd64 all) into experimental, experimental (Debian FTP Masters) (signed by: Matteo F. Vescovi)
[2019-12-11] rtklib 2.4.3+dfsg1-2.1 MIGRATED to testing (Debian testing watch)
[2019-12-05] Accepted rtklib 2.4.3+dfsg1-2.1 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2019-12-04] Accepted rtklib 2.4.3+dfsg1-2 (source) into unstable (Gürkan Myczko) (signed by: Adam Borowski)
[2018-01-29] rtklib 2.4.3+dfsg1-1 MIGRATED to testing (Debian testing watch)
[2018-01-23] Accepted rtklib 2.4.3+dfsg1-1 (source amd64 all) into unstable, unstable (Gürkan Myczko) (signed by: Adam Borowski)

bugs [bug history graph]

all: 3
RC: 0
I&N: 2
M&W: 1
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility, cross
popcon
browse source code
other distros
security tracker
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.4.3.b34+dfsg-1build3

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing