1. Basic information on vulnerability CVE-2025-15537
Vulnerability information
# Mapnik dbfile.cpp string overflow vulnerability

## Overview
Mapnik versions 4.2.0 and earlier contain a security vulnerability in the `mapnik::dbf_file::string_value` function of `plugins/input/shape/dbfile.cpp`, which can lead to a heap-based buffer overflow.

## Affected versions
Mapnik 4.2.0 and earlier.

## Details
The vulnerability lies in the `mapnik::dbf_file::string_value` function, which mishandles string values read from a DBF file: the data length is not properly validated, so a buffer overflow occurs on the heap. An attacker can trigger the vulnerability with a crafted DBF file.

## Impact
A local attacker can exploit this vulnerability to execute arbitrary code or crash the program, and exploit code is publicly available. The project was notified through an issue report but has not yet responded or released a fixed version.
ShenLong assessment

Web-class vulnerability: Unknown

Reasoning:

N/A
Vulnerability title
Mapnik dbfile.cpp string_value heap-based overflow
Source: US National Vulnerability Database (NVD)
Vulnerability description
A security vulnerability has been detected in Mapnik up to 4.2.0. This issue affects the function mapnik::dbf_file::string_value of the file plugins/input/shape/dbfile.cpp. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Source: US National Vulnerability Database (NVD)
CVSS information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Source: US National Vulnerability Database (NVD)
Vulnerability category
Heap-based buffer overflow
Source: US National Vulnerability Database (NVD)
2. Public PoC for vulnerability CVE-2025-15537
# | PoC description | Source link | ShenLong link
3. Intelligence on vulnerability CVE-2025-15537
  • Title: 1218/repro at main · oneafter/1218 · GitHub -- 🔗 source link

    Tags: exploit

    ShenLong quick read:
    Key vulnerability information that can be gathered from the screenshot:

    - **Repository name**: 1218
    - **Folder**: repro - folder used to reproduce the vulnerability
    - **Files**:
        - alloc: likely code related to memory allocation
        - harness.cpp: likely a test or driver program
        - repro: code or script that rebuilds the vulnerability instance

    With this information, researchers or developers can further study the specifics of the vulnerability and the reproduction process.
                                            
    1218/repro at main · oneafter/1218 · GitHub
  • Title: [Bug] Heap-buffer-overflow in mapnik::dbf_file::string_value within Shapefile plugin · Issue #4543 · mapnik/mapnik -- 🔗 source link

    Tags: issue-tracking

    ShenLong quick read:
    ## Key information summary

    ### Vulnerability description
    - **Vulnerability type**: Heap Buffer Overflow (Read)
    - **Affected module**: `mapnik::dbf_file::string_value` in the Shapefile input plugin
    - **Trigger condition**: Parsing malformed input leads to a SIGABRT/crash due to a memory access beyond the allocated heap buffer

    ### Affected environment
    - **Operating system**: Linux x86_64
    - **Compiler**: Clang/GCC with AddressSanitizer (`-fsanitize=address`)
    - **Build configuration**: Release mode (`-O3, -DNDEBUG`), static plugin linking
    - **Affected version**: master branch

    ### Vulnerability details
    - **Crash type**: Heap-buffer-overflow (read of size 112)
    - **Source file**: plugins/input/shape/dbfile.cpp
    - **Faulting function**: mapnik::dbf_file::string_value
    - **Root cause analysis**:
      - 112 bytes are read beyond the end of the memory region
      - The region was originally allocated in the `dbf_file::read_header` function (size 326 bytes)
      - `string_value` reads a length or offset taken from the file header without an effective bounds check

    ### How to reproduce
    1. Build Mapnik with release optimization (`-O3`) and ASAN
    2. Build the Mapnik harness with AddressSanitizer enabled (`-fsanitize=address -g`)
    3. Run it against the crash file

    ### ASAN report (body)
    - `heap-buffer-overflow on address 0x51300000116a...`
    - `Read of size 112 at 0x51300000116a thread T0`
    - `0x51300000116a is located 0 bytes after 362-byte region...`
    - `SUMMARY: AddressSanitizer: heap-buffer-overflow (/src/mapnik/harness+0x153b8e...) (BuildId: cd92e1fb8850896b0ef72db2a841bdcbc5d565bc)`
                                            
    [Bug] Heap-buffer-overflow in mapnik::dbf_file::string_value within Shapefile plugin · Issue #4543 · mapnik/mapnik
  • https://vuldb.com/?ctiid.341709 (tags: signature, permissions-required)
  • Title: CVE-2025-15537 Mapnik dbfile.cpp string_value heap-based overflow (Issue 4543 / EUVD-2026-3179) -- 🔗 source link

    Tags: vdb-entry, technical-description

    ShenLong quick read:
    ### Key vulnerability information
    
    - **Vulnerability ID**: VDB-341709
    - **CVE ID**: CVE-2025-15537
    - **Issue Number**: 4543
    
    #### Severity and Scoring
    
    - **CVSS Meta Temp Score**: 5.0
    - **Current Exploit Price**: $0-$5k
    - **CTI Interest Score**: 1.80
    
    #### Summary
    
    A vulnerability marked as critical has been reported in Mapnik up to 4.2.0. The function `mapnik::dbf_file::string_value` of the file `plugins/input/shape/dbfile.cpp` is impacted. Performing a manipulation results in a heap-based overflow. The vulnerability is cataloged as CVE-2025-15537. The attack must be initiated from a local position. There is an exploit available. The project has not responded yet.
    
    #### Details
    
    A vulnerability was found in Mapnik up to 4.2.0. The function `mapnik::dbf_file::string_value` is affected, and it has been classified as critical. The manipulation with an unknown input leads to a heap-based overflow vulnerability. CWE classifies this issue as CWE-122. A heap overflow condition occurs when a buffer allocated in the heap is overwritten, often allocated using a routine like `malloc()`. This impacts confidentiality, integrity, and availability.
    
    - **Advisory**: Shared at [github.com](https://github.com)
    - **Vulnerability Identifier**: CVE-2025-15537
    - **Exploitation**: Easy, initiated locally
    - **Exploit**: Publicly available as proof-of-concept on [github.com](https://github.com)
                                            
    CVE-2025-15537 Mapnik dbfile.cpp string_value heap-based overflow (Issue 4543 / EUVD-2026-3179)
  • https://vuldb.com/?submit.733348 (tags: third-party-advisory)
  • https://nvd.nist.gov/vuln/detail/CVE-2025-15537
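Added example, not Mapnik's code and not the repro from the issue report: a defender-side consistency check of the kind the issue's root-cause analysis says `string_value` lacks. It walks the DBF field descriptors and rejects a file whose field offsets and lengths extend past the record length declared in the header, before any record field is read; the header bytes are constructed here, and `dbf_layout_is_sane`, `build_header` and `sample_layout_is_sane` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define DBF_HDR        32   /* fixed part of the DBF header */
#define DBF_FIELD_DESC 32   /* one field descriptor */

/* Return 1 when every field (offset + length) fits inside the record length the
 * header declares, else 0. hdr_len bounds the descriptor walk itself. */
static int dbf_layout_is_sane(const uint8_t *hdr, size_t hdr_len)
{
    if (hdr_len < DBF_HDR + 1) return 0;
    uint16_t header_length = (uint16_t)(hdr[8]  | (hdr[9]  << 8)); /* little endian */
    uint16_t record_length = (uint16_t)(hdr[10] | (hdr[11] << 8)); /* little endian */
    if (header_length < DBF_HDR + 1 || header_length > hdr_len) return 0;
    size_t nfields = (header_length - DBF_HDR - 1) / DBF_FIELD_DESC;
    size_t offset = 1;                 /* record byte 0 is the deletion flag */
    for (size_t i = 0; i < nfields; ++i) {
        size_t length = hdr[DBF_HDR + i * DBF_FIELD_DESC + 16]; /* field length */
        /* A field ending past record_length would be read past the record buffer. */
        if (offset + length > record_length) return 0;
        offset += length;
    }
    return 1;
}

/* Build a constructed sample header with 'C' fields of the given lengths. */
static size_t build_header(uint8_t *buf, uint16_t record_length,
                           const uint8_t *lens, size_t nfields)
{
    size_t header_length = DBF_HDR + nfields * DBF_FIELD_DESC + 1;
    memset(buf, 0, header_length);
    buf[0] = 0x03;                                     /* dBASE III, no memo */
    buf[8]  = header_length & 0xFF; buf[9]  = header_length >> 8;
    buf[10] = record_length & 0xFF; buf[11] = record_length >> 8;
    for (size_t i = 0; i < nfields; ++i) {
        uint8_t *fd = buf + DBF_HDR + i * DBF_FIELD_DESC;
        memcpy(fd, "FIELD", 5); fd[5] = (uint8_t)('0' + i);   /* field name */
        fd[11] = 'C'; fd[16] = lens[i];                        /* type, length */
    }
    buf[header_length - 1] = 0x0D;                     /* descriptor terminator */
    return header_length;
}

/* Constructed sample: two 'C' fields of 10 and 20 bytes, so the only consistent
 * record length is 1 + 10 + 20 = 31; the caller chooses what the header declares. */
int sample_layout_is_sane(uint16_t declared_record_length)
{
    uint8_t buf[128]; const uint8_t lens[] = {10, 20};
    return dbf_layout_is_sane(buf, build_header(buf, declared_record_length, lens, 2));
}
```

A header declaring a record shorter than the sum of its field lengths is the case rejected here; a loader that runs this check before sizing and filling its record buffer never reaches the out-of-bounds read.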
4. Comments on vulnerability CVE-2025-15537

No comments yet