CVE-2025-15537

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-15537
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-15537.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-15537
Downstream
Published
2026-01-18T10:15:52.103Z
Modified
2026-03-15T22:50:29.426281Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A security vulnerability has been detected in Mapnik up to 4.2.0. This issue affects the function mapnik::dbffile::stringvalue of the file plugins/input/shape/dbfile.cpp. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References

Affected packages

Git / github.com/mapnik/mapnik

Affected ranges

Type
GIT
Repo
https://github.com/mapnik/mapnik
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b806a6c64994eca7ec5b991c2e81471d89b81b1c
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.2.0"
        }
    ]
}

Affected versions

Other
show
v2.*
v2.1.0
v2.2.0
v3.*
v3.0.0
v3.0.0-rc-offset
v3.0.0-rc1
v3.0.0-rc2
v3.0.0-rc3
v3.0.1
v3.0.10
v3.0.11
v3.0.12
v3.0.12-rc1
v3.0.12-rc2
v3.0.12-rc3
v3.0.12-rc4
v3.0.12-rc5
v3.0.12-rc6
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.8
v3.0.9
v3.0.9-rc1
v3.0.9-rc2
v3.0.9-rc3
v4.*
v4.0.0
v4.0.0-rc1
v4.0.0-rc2
v4.0.0-rc3
v4.0.0-rc4
v4.0.1
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.1.0
v4.1.1
v4.1.2
v4.1.3
v4.1.4
v4.2.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-15537.json"