Vulnerability Description
A security vulnerability has been detected in Mapnik up to 4.2.0. This issue affects the function mapnik::dbf_file::string_value of the file plugins/input/shape/dbfile.cpp. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mapnik | Mapnik | <= 4.2.0 |
Related Weaknesses (CWE)
References
- https://github.com/mapnik/mapnik/
- https://github.com/mapnik/mapnik/issues/4543ExploitIssue TrackingVendor Advisory
- https://github.com/oneafter/1218/blob/main/reproProduct
- https://vuldb.com/?ctiid.341709Permissions RequiredVDB Entry
- https://vuldb.com/?id.341709Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.733348ExploitThird Party AdvisoryVDB Entry
- https://github.com/mapnik/mapnik/issues/4543ExploitIssue TrackingVendor Advisory
FAQ
What is CVE-2025-15537?
CVE-2025-15537 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A security vulnerability has been detected in Mapnik up to 4.2.0. This issue affects the function mapnik::dbf_file::string_value of the file plugins/input/shape/dbfile.cpp. Such manipulation leads to ...
How severe is CVE-2025-15537?
CVE-2025-15537 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-15537?
Check the references section above for vendor advisories and patch information. Affected products include: Mapnik Mapnik.