Vulnerability Details CVE-2022-0699
A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.8%
CVSS Severity
CVSS v3 Score 9.8
References
- https://github.com/OSGeo/shapelib/commit/c75b9281a5b9452d92e1682bdfe6019a13ed819f
- https://github.com/OSGeo/shapelib/issues/39
- https://github.com/OSGeo/shapelib/commit/c75b9281a5b9452d92e1682bdfe6019a13ed819f
- https://github.com/OSGeo/shapelib/issues/39
- https://lists.debian.org/debian-lts-announce/2026/01/msg00023.html