Source: mapnik Version: 4.2.0+ds-1 Severity: important Tags: security upstream Forwarded: https://github.com/mapnik/mapnik/issues/4543 X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for mapnik. CVE-2025-15537[0]: | A security vulnerability has been detected in Mapnik up to 4.2.0. | This issue affects the function mapnik::dbf_file::string_value of | the file plugins/input/shape/dbfile.cpp. Such manipulation leads to | heap-based buffer overflow. The attack must be carried out locally. | The exploit has been disclosed publicly and may be used. The project | was informed of the problem early through an issue report but has | not responded yet. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-15537 https://www.cve.org/CVERecord?id=CVE-2025-15537 [1] https://github.com/mapnik/mapnik/issues/4543 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
