CVE-2025-15537
Heap-Based Buffer Overflow in Mapnik dbf_file Component
Publication date: 2026-01-18
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mapnik | mapnik | to 4.2.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-15537 is a heap-based buffer overflow vulnerability in the Mapnik library (up to version 4.2.0), specifically in the function mapnik::dbf_file::string_value within the Shapefile input plugin. The vulnerability occurs when the function attempts to read string data from a malformed input file without proper bounds checking against the allocated heap buffer. This causes the function to read beyond the allocated memory, leading to a heap buffer overflow and a crash (SIGABRT). The root cause is insufficient validation of offsets and lengths derived from the file header, allowing out-of-bounds memory access during string construction. [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can lead to a crash of the Mapnik application due to heap buffer overflow, resulting in denial of service. Additionally, because it is a heap overflow, it may be exploitable for arbitrary code execution, potentially allowing an attacker with local access to compromise the confidentiality, integrity, and availability of the affected system. The exploit is publicly available and considered easy to execute locally. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by running Mapnik built with AddressSanitizer (ASAN) enabled and using a crafted malformed input file to trigger the heap-based buffer overflow. The overflow manifests as a crash (SIGABRT) reported by ASAN during a memcpy operation inside the std::string constructor in the function mapnik::dbf_file::string_value. Detection involves compiling Mapnik with Release optimizations and ASAN enabled, then executing a test harness with malformed Shapefile DBF input to observe the overflow. Specific commands include building Mapnik with flags '-fsanitize=address -O3 -DNDEBUG', statically linking input plugins, compiling the test harness with ASAN, and running it with the crafted input file to reproduce the crash. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding local execution of untrusted or malformed Shapefile DBF files with vulnerable Mapnik versions (up to 4.2.0). Since no official patch or fix has been provided by the maintainers, consider replacing the affected Mapnik component with an alternative product or disabling the Shapefile input plugin if possible. Additionally, restrict local access to systems running vulnerable Mapnik versions to trusted users only. Monitoring for crashes and applying strict input validation on Shapefile DBF files before processing can also help reduce risk. [3]