Untriaged
Permalink
CVE-2022-0699
9.8 CRITICAL
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and …
A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc.
References
- https://github.com/OSGeo/shapelib/issues/39
- https://github.com/OSGeo/shapelib/commit/c75b9281a5b9452d92e1682bdfe6019a13ed81…
- https://github.com/OSGeo/shapelib/commit/c75b9281a5b9452d92e1682bdfe6019a13ed81… x_transferred
- https://github.com/OSGeo/shapelib/issues/39 x_transferred
- https://github.com/OSGeo/shapelib/commit/c75b9281a5b9452d92e1682bdfe6019a13ed81…
- https://github.com/OSGeo/shapelib/issues/39
- https://github.com/OSGeo/shapelib/issues/39 x_transferred
- https://github.com/OSGeo/shapelib/commit/c75b9281a5b9452d92e1682bdfe6019a13ed81… x_transferred
- https://github.com/OSGeo/shapelib/issues/39
- https://github.com/OSGeo/shapelib/commit/c75b9281a5b9452d92e1682bdfe6019a13ed81…
- https://github.com/OSGeo/shapelib/issues/39 x_transferred
- https://github.com/OSGeo/shapelib/commit/c75b9281a5b9452d92e1682bdfe6019a13ed81… x_transferred
- https://lists.debian.org/debian-lts-announce/2026/01/msg00023.html
Affected products
shapelib
- ==shapelib 1.5.0 and older releases
Package maintainers
-
@nh2 Niklas Hambüchen <mail@nh2.me>
-
@l0b0 Victor Engmark <victor@engmark.name>
-
@ehmry Emery Hemingway <ehmry@posteo.net>
-
@willcohen Will Cohen
-
@nialov Nikolas Ovaskainen <nikolasovaskainen@gmail.com>
-
@imincik Ivan Mincik <ivan.mincik@gmail.com>
-
@sikmir Nikolay Korotkiy <sikmir@disroot.org>
-
@autra Augustin Trancart <augustin.trancart@gmail.com>