A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc. Upstream issue: https://github.com/OSGeo/shapelib/issues/39 Upstream commit: https://github.com/OSGeo/shapelib/commit/c75b9281a5b9452d92e1682bdfe6019a13ed819f
Created shapelib tracking bugs for this issue: Affects: epel-all [bug 2054306] Affects: fedora-all [bug 2054307]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.