CVE-2025-15537
MEDIUMmapnik < 4.2.0 - Heap-Based Buffer Overflow in dbf_file::string_value
Title source: llmDescription
A security vulnerability has been detected in Mapnik up to 4.2.0. This issue affects the function mapnik::dbf_file::string_value of the file plugins/input/shape/dbfile.cpp. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.341709
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.341709
Exploit, Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.733348
Exploit, Vendor Advisory, Issue Tracking issue-tracking
https://github.com/mapnik/mapnik/issues/4543
Various Sources product
https://github.com/mapnik/mapnik/
Scores
CVSS v3
5.3
EPSS
0.0019
EPSS Percentile
8.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-119
CWE-122
CWE-787
Status
published
Products (1)
mapnik/mapnik
< 4.2.0
Published
Jan 18, 2026
Tracked Since
Feb 18, 2026