ALT-PU-2025-15030-1

Package update libshape in branch sisyphus_riscv64

Version1.6.2-alt1

Task#0

Published2025-11-25

Max severityCRITICAL

Severity:

Closed issues (2)

CRITICAL9.8

Уязвимость реализации функции malloc() библиотеки shapelib, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2022-11-02Modified: 2025-03-05

CVSS 3.xCRITICAL 9.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2022-0699

CRITICAL9.8

A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc.

Published: 2022-10-17Modified: 2026-01-24

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References