877605 – (CVE-2022-0699) sci-libs/shapelib: double free

Bug 877605 (CVE-2022-0699) - sci-libs/shapelib: double free

Summary: sci-libs/shapelib: double free

Status:	CONFIRMED

Alias:	CVE-2022-0699

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://github.com/OSGeo/shapelib/iss...
Whiteboard:	B2 [upstream/ebuild]
Keywords:	PullRequest

Depends on:
Blocks:

Reported:	2022-10-19 02:06 UTC by John Helmert III
Modified:	2024-04-22 23:00 UTC (History)
CC List:	1 user (show)

See Also:	https://github.com/gentoo/gentoo/pull/36367
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2022-10-19 02:06:32 UTC

CVE-2022-0699:

A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc.

Patch: https://github.com/OSGeo/shapelib/commit/c75b9281a5b9452d92e1682bdfe6019a13ed819f

Comment 1 Hans de Graaff gentoo-dev

2023-10-17 15:37:43 UTC

Ping. Any reason we cannot apply the patch mentioned in the comment?