CVE-2022-0699

NameCVE-2022-0699
DescriptionA double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
Debian Bugs1022557

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
shapelib (PTS)buster1.4.1-3vulnerable
bullseye1.5.0-2vulnerable
bookworm, sid1.5.0-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
shapelibsource(unstable)1.5.0-31022557

Notes

[bullseye] - shapelib <no-dsa> (Minor issue)
[buster] - shapelib <no-dsa> (Minor issue)
https://github.com/OSGeo/shapelib/commit/c75b9281a5b9452d92e1682bdfe6019a13ed819f
https://github.com/OSGeo/shapelib/issues/39
Search for package or bug name: Reporting problems