CVE-2025-15564

EUVD-2025-206891
A vulnerability has been found in Mapnik up to 4.2.0. This vulnerability affects the function mapnik::detail::mod<...>::operator of the file src/value.cpp. The manipulation leads to divide by zero. The attack needs to be performed locally. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
mapnikmapnik
𝑥
≤ 4.2.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
mapnik
bookworm
vulnerable
bullseye
vulnerable
forky
4.2.2+ds-1
fixed
sid
4.2.2+ds-1
fixed
trixie
vulnerable
Common Weakness Enumeration
References
https://github.com/mapnik/mapnik/
https://github.com/mapnik/mapnik/issues/4545
https://github.com/oneafter/1219/blob/main/repro
https://vuldb.com/?ctiid.344502
https://vuldb.com/?id.344502
https://vuldb.com/?submit.743386