CVE-2025-15537

EUVD-2026-3179
A security vulnerability has been detected in Mapnik up to 4.2.0. This issue affects the function mapnik::dbf_file::string_value of the file plugins/input/shape/dbfile.cpp. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VulDBCNA
5.3 MEDIUM
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Affected Products (NVD)
VendorProductVersion
mapnikmapnik
𝑥
≤ 4.2.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/mapnik/mapnik/
https://github.com/mapnik/mapnik/issues/4543
https://github.com/oneafter/1218/blob/main/repro
https://vuldb.com/?ctiid.341709
https://vuldb.com/?id.341709
https://vuldb.com/?submit.733348
https://github.com/mapnik/mapnik/issues/4543