{
  "threat_severity" : "Moderate",
  "public_date" : "2026-01-18T10:02:07Z",
  "bugzilla" : {
    "description" : "mapnik: Mapnik: Heap-based buffer overflow via string_value function manipulation",
    "id" : "2430673",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2430673"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
    "status" : "draft"
  },
  "cwe" : "CWE-131",
  "details" : [ "A security vulnerability has been detected in Mapnik up to 4.2.0. This issue affects the function mapnik::dbf_file::string_value of the file plugins/input/shape/dbfile.cpp. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.", "A flaw was found in Mapnik. A local attacker can exploit a heap-based buffer overflow vulnerability by manipulating the mapnik::dbf_file::string_value function in plugins/input/shape/dbfile.cpp. This vulnerability can lead to information disclosure, data integrity issues, and denial of service. A public exploit for this issue has been disclosed." ],
  "statement" : "This vulnerability is rated Moderate for Red Hat because it requires local access to trigger a heap-based buffer overflow in the Mapnik library when processing specially crafted shape files. Exploitation requires an attacker to have local user access to a system utilizing Mapnik to process untrusted data.",
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-15537\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-15537\nhttps://github.com/mapnik/mapnik/issues/4543\nhttps://github.com/oneafter/1218/blob/main/repro\nhttps://vuldb.com/?ctiid.341709\nhttps://vuldb.com/?id.341709\nhttps://vuldb.com/?submit.733348" ],
  "name" : "CVE-2025-15537",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}