NIXPKGS-2026-0068

GitHub issue published on 21 Jan 2026

Permalink CVE-2025-15537

updated 3 weeks, 1 day ago by @LeSuisse Activity log

Created automatic suggestion 3 weeks, 3 days ago
@LeSuisse removed
2 packages
- python312Packages.python-mapnik
- python313Packages.python-mapnik
3 weeks, 2 days ago
@LeSuisse accepted 3 weeks, 2 days ago
@LeSuisse published on GitHub 3 weeks, 1 day ago

Mapnik dbfile.cpp string_value heap-based overflow

A security vulnerability has been detected in Mapnik up to 4.2.0. This issue affects the function mapnik::dbf_file::string_value of the file plugins/input/shape/dbfile.cpp. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Affected products

Mapnik

==4.2.0
==4.0
==4.1

Matching in nixpkgs

pkgs.mapnik

Open source toolkit for developing mapping applications

nixos-unstable 4.1.4
- nixpkgs-unstable 4.1.4
- nixos-unstable-small 4.1.4
nixos-25.05 4.0.7
- nixos-25.05-small 4.0.7
- nixpkgs-25.05-darwin 4.0.7

Package maintainers

@autra Augustin Trancart <augustin.trancart@gmail.com>
@hummeltech David Hummel <hummeltech@sherpaguru.com>
@willcohen Will Cohen
@l0b0 Victor Engmark <victor@engmark.name>
@nialov Nikolas Ovaskainen <nikolasovaskainen@gmail.com>
@imincik Ivan Mincik <ivan.mincik@gmail.com>
@sikmir Nikolay Korotkiy <sikmir@disroot.org>
@hrdinka Christoph Hrdinka <c.nix@hrdinka.at>
@nh2 Niklas Hambüchen <mail@nh2.me>

Upstream issue: https://github.com/mapnik/mapnik/issues/4543

Nixpkgs Security Tracker

Details of issue NIXPKGS-2026-0068

Affected products

Matching in nixpkgs

pkgs.mapnik

Package maintainers