CVE-2022-0699

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions shapelib versions 1.5.0 and older

Description The issue is related to a double-free condition in the shapelib library, specifically in the contrib/shpsort.c file. This condition may allow a remote attacker to cause a denial of service or have other unspecified impact via control over malloc.

Recommendations For shapelib versions 1.5.0 and older, update to a version newer than 1.5.0 to resolve the issue. As a temporary workaround, consider restricting access to the contrib/shpsort.c file until a patch is available.

Exploit

Fix

DoS

Double Free

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415CWE-416

Related Identifiers

ALT-PU-2025-15006

AZL-28599

AZL-37034

BDU:2022-06588

CVE-2022-0699

MGASA-2022-0096

OESA-2022-1858

OPENSUSE-SU-2022:0068-1

OPENSUSE-SU-2024:11863-1

ROSA-SA-2025-2671

Affected Products

Alt Linux

Debian

Red Os

Shapelib

CVE-2022-0699

Weakness Enumeration

Related Identifiers

Affected Products

References · 31