CRITICAL🇬🇧 English

CVE-2022-0699

CVSS 9.8v3.1pub. 2022-10-17upd. 2026-01-24

A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Osgeo Shapelib

    APP
    Osgeo
    ≤ 1.5.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
DoSMemory
CWE
Referencje

Powiązane podatności

CVE-2024-34711CRITICAL9.3PL ✓ten sam vendor

GeoServer: XXE umożliwiające skanowanie sieci wewnętrznych (SSRF)

CVE-2025-30220CRITICAL9.9PL ✓ten sam vendor

XXE w GeoTools/GeoServer/GeoNetwork — podatność XML External Entity

CVE-2023-25157CRITICAL9.8ten sam vendor

GeoServer is an open source software server written in Java that allows users to share and edit geospatial dat...

CVE-2019-17545CRITICAL9.8ten sam vendor

GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB thresho...

CVE-2017-5522CRITICAL9.8ten sam vendor

Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x befor...