Double-Free Vulnerability in Shapelib Software by OSGeo
CVE-2022-0699

9.8CRITICAL

Key Information:

Vendor: Osgeo
Status: Shapelib
Vendor: CVE Published:; 17 October 2022

What is CVE-2022-0699?

A double-free vulnerability has been identified in the Shapelib software, particularly within the contrib/shpsort.c file. This flaw allows an attacker to manipulate memory allocation through control over the malloc function, potentially leading to a denial of service or other unspecified impacts on system performance. Users of Shapelib version 1.5.0 and earlier versions are advised to apply necessary updates and mitigations to secure their applications.

Affected Version(s)

shapelib shapelib 1.5.0 and older releases

References

https://github.com/OSGeo/shapelib/issues/39

https://github.com/OSGeo/shapelib/commit/c75b9281a5b9452d...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 17, 2022
Vulnerability Reserved
Feb 21, 2022

CVE-2022-0699 Data

JSON

Osgeo

What is CVE-2022-0699?

Affected Version(s)

References

CVSS V3.1

Timeline