Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged
Permalink CVE-2022-0699
9.8 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 2 months, 3 weeks ago by @fricklerhandwerk Activity log
  • Created automatic suggestion 2 months, 3 weeks ago
  • @fricklerhandwerk deleted
    6 maintainers
    • @sikmir
    • @ehmry
    • @imincik
    • @autra
    • @willcohen
    • @nh2
    2 months, 3 weeks ago maintainer.delete
  • @fricklerhandwerk added
    2 maintainers
    • @fricklerhandwerk
    • @florentc
    2 months, 3 weeks ago maintainer.add
  • @fricklerhandwerk ignored package shapelib 2 months, 3 weeks ago
A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and …

A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc.

Affected products

shapelib
  • ==shapelib 1.5.0 and older releases
Ignored packages (1)

pkgs.shapelib

C Library for reading, writing and updating ESRI Shapefiles

Package maintainers

Additional maintainers