Vulnerabilities > CVE-2022-0699 - Double Free vulnerability in Osgeo Shapelib 1.5.0

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

osgeo

CWE-415

critical

NVD

Published: 2022-10-17

Updated: 2022-12-21

Summary

A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc.

Vulnerable Configurations

Part	Description	Count
Application	Osgeo Osgeo Shapelib - Osgeo Shapelib 1.5.0	2

Common Weakness Enumeration (CWE)

CWE-415 - Double Free

References

https://github.com/OSGeo/shapelib/issues/39
https://github.com/OSGeo/shapelib/commit/c75b9281a5b9452d92e1682bdfe6019a13ed819f