CVE-2022-0699: Double Free

October 17, 2022 (updated December 21, 2022)

A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc.

References

github.com/OSGeo/shapelib/commit/c75b9281a5b9452d92e1682bdfe6019a13ed819f
github.com/OSGeo/shapelib/issues/39
nvd.nist.gov/vuln/detail/CVE-2022-0699

Code Behaviors & Features

Detect and mitigate CVE-2022-0699 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →