Описание
A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc.
Ссылки
- PatchThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- PatchThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.5.0 (включая)
cpe:2.3:a:osgeo:shapelib:*:*:*:*:*:*:*:*
EPSS
Процентиль: 29%
0.00101
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-416
CWE-415
Связанные уязвимости
CVSS3: 9.8
ubuntu
больше 2 лет назад
A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc.
CVSS3: 9.8
debian
больше 2 лет назад
A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 ...
EPSS
Процентиль: 29%
0.00101
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-416
CWE-415