CVE-2025-15537

Mapnik dbfile.cpp string_value heap-based overflow

Description

A security vulnerability has been detected in Mapnik up to 4.2.0. This issue affects the function mapnik::dbf_file::string_value of the file plugins/input/shape/dbfile.cpp. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

INFO

Published Date :

2026-01-18T10:02:07.636Z

Last Modified :

2026-01-20T16:53:04.476Z

Source :

VulDB

AFFECTED PRODUCTS

The following products are affected by CVE-2025-15537 vulnerability.

Vendors	Products
Mapnik	Mapnik

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-15537.

URL	Resource
https://github.com/mapnik/mapnik/issues/4543
https://github.com/oneafter/1218/blob/main/repro
https://nvd.nist.gov/vuln/detail/CVE-2025-15537
https://vuldb.com/?ctiid.341709
https://vuldb.com/?id.341709
https://vuldb.com/?submit.733348
https://www.cve.org/CVERecord?id=CVE-2025-15537

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Detailed values of each vector for above chart.

Access Vector

Access Complexity

Authentication

Confidentiality Impact

Integrity Impact

Availability Impact