CVE-2025-15537
Unknown Unknown - Not Provided
Heap-Based Buffer Overflow in Mapnik dbf_file Component

Publication date: 2026-01-18

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security vulnerability has been detected in Mapnik up to 4.2.0. This issue affects the function mapnik::dbf_file::string_value of the file plugins/input/shape/dbfile.cpp. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-18
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-01-19
EPSS Evaluated
2026-06-14
NVD
CVE-2025-15537
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mapnik mapnik to 4.2.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-15537 is a heap-based buffer overflow vulnerability in the Mapnik library (up to version 4.2.0), specifically in the function mapnik::dbf_file::string_value within the Shapefile input plugin. The vulnerability occurs when the function attempts to read string data from a malformed input file without proper bounds checking against the allocated heap buffer. This causes the function to read beyond the allocated memory, leading to a heap buffer overflow and a crash (SIGABRT). The root cause is insufficient validation of offsets and lengths derived from the file header, allowing out-of-bounds memory access during string construction. [1, 2, 3]

Impact Analysis

This vulnerability can lead to a crash of the Mapnik application due to heap buffer overflow, resulting in denial of service. Additionally, because it is a heap overflow, it may be exploitable for arbitrary code execution, potentially allowing an attacker with local access to compromise the confidentiality, integrity, and availability of the affected system. The exploit is publicly available and considered easy to execute locally. [1, 3]

Detection Guidance

This vulnerability can be detected by running Mapnik built with AddressSanitizer (ASAN) enabled and using a crafted malformed input file to trigger the heap-based buffer overflow. The overflow manifests as a crash (SIGABRT) reported by ASAN during a memcpy operation inside the std::string constructor in the function mapnik::dbf_file::string_value. Detection involves compiling Mapnik with Release optimizations and ASAN enabled, then executing a test harness with malformed Shapefile DBF input to observe the overflow. Specific commands include building Mapnik with flags '-fsanitize=address -O3 -DNDEBUG', statically linking input plugins, compiling the test harness with ASAN, and running it with the crafted input file to reproduce the crash. [1, 2]

Mitigation Strategies

Immediate mitigation steps include avoiding local execution of untrusted or malformed Shapefile DBF files with vulnerable Mapnik versions (up to 4.2.0). Since no official patch or fix has been provided by the maintainers, consider replacing the affected Mapnik component with an alternative product or disabling the Shapefile input plugin if possible. Additionally, restrict local access to systems running vulnerable Mapnik versions to trusted users only. Monitoring for crashes and applying strict input validation on Shapefile DBF files before processing can also help reduce risk. [3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15537. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart