What the vulnerability does

01Description

A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc.

Key dates

02Disclosure timeline

October 17, 2022 CVE published
January 24, 2026 Record updated