A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HOsgeo Shapelib
APPOsgeo≤ 1.5.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
DoSMemory
Related vulnerabilities
CVE-2024-34711CRITICAL9.3PL ✓ten sam vendor
GeoServer: XXE umożliwiające skanowanie sieci wewnętrznych (SSRF)
CVE-2025-30220CRITICAL9.9PL ✓ten sam vendor
XXE w GeoTools/GeoServer/GeoNetwork — podatność XML External Entity
CVE-2023-25157CRITICAL9.8ten sam vendor
GeoServer is an open source software server written in Java that allows users to share and edit geospatial dat...
CVE-2019-17545CRITICAL9.8ten sam vendor
GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB thresho...
CVE-2017-5522CRITICAL9.8ten sam vendor
Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x befor...