CVE-2025-15564

EUVD-2025-206891
A vulnerability has been found in Mapnik up to 4.2.0. This vulnerability affects the function mapnik::detail::mod<...>::operator of the file src/value.cpp. The manipulation leads to divide by zero. The attack needs to be performed locally. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
VulDBCNA
3.3 LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
mapnik
bookworm
no-dsa
bullseye
postponed
forky
4.2.1+ds-2
fixed
sid
4.2.1+ds-2
fixed
trixie
no-dsa
Common Weakness Enumeration
References
https://github.com/mapnik/mapnik/
https://github.com/mapnik/mapnik/issues/4545
https://github.com/oneafter/1219/blob/main/repro
https://vuldb.com/?ctiid.344502
https://vuldb.com/?id.344502
https://vuldb.com/?submit.743386