Description

A security vulnerability has been detected in Mapnik up to 4.2.0. The issue affects the function mapnik::dbf_file::string_value in the file plugins/input/shape/dbfile.cpp. The manipulation leads to a heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

PUBLISHED Reserved 2026-01-17 | Published 2026-01-18 | Updated 2026-02-23 | Assigner VulDB




MEDIUM: 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
MEDIUM: 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
MEDIUM: 5.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
4.3 AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

Problem types

Heap-based Buffer Overflow

Memory Corruption

Timeline

2026-01-17: Advisory disclosed
2026-01-17: VulDB entry created
2026-02-07: VulDB entry last update

Credits

Oneafter (VulDB User) reporter

References

github.com/mapnik/mapnik/issues/4543 exploit

vuldb.com/?id.341709 (VDB-341709 | Mapnik dbfile.cpp string_value heap-based overflow) vdb-entry technical-description

vuldb.com/?ctiid.341709 (VDB-341709 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.733348 (Submit #733348 | mapnik Mapnik v4.2.0 and master-branch Heap-based Buffer Overflow) third-party-advisory

github.com/mapnik/mapnik/issues/4543 issue-tracking

github.com/oneafter/1218/blob/main/repro exploit

github.com/mapnik/mapnik/ product

cve.org (CVE-2025-15537)

nvd.nist.gov (CVE-2025-15537)
