CVE-2022-0699: Double Free
First published: Mon Oct 17 2022(Updated: )
A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc.
Credit: patrick@puiterwijk.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Osgeo Shapelib | <=1.5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-0699?
CVE-2022-0699 is a vulnerability that exists in contrib/shpsort.c of shapelib 1.5.0 and older releases, allowing an attacker to cause a denial of service or have other unspecified impact via control over malloc.
How severe is CVE-2022-0699?
CVE-2022-0699 has a severity rating of 9.8 (Critical).
Which software versions are affected by CVE-2022-0699?
Shapelib versions up to and including 1.5.0 are affected by CVE-2022-0699.
How can I fix CVE-2022-0699?
There is currently no official fix available for CVE-2022-0699. It is recommended to follow the provided references for any updates or patches.
Are there any references available for CVE-2022-0699?
Yes, you can find references for CVE-2022-0699 at the following links: [Reference 1](https://github.com/OSGeo/shapelib/commit/c75b9281a5b9452d92e1682bdfe6019a13ed819f) and [Reference 2](https://github.com/OSGeo/shapelib/issues/39).
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/weakness
- agent/tags
- agent/event
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/osgeo
- canonical/osgeo shapelib
- version/osgeo shapelib/1.5.0