Mapnik Heap-Based Buffer Overflow Vulnerability in Shapefile Plugin
Vulnerability
A heap-based buffer overflow vulnerability has been identified in Mapnik versions through 4.2.0. The issue arises in the Shapefile input plugin, specifically within the 'mapnik::dbf_file::string_value' function, located in 'plugins/input/shape/dbfile.cpp'. The function reads memory beyond the end of an allocated heap buffer, potentially leading to a crash (SIGABRT). The vulnerability must be exploited locally, and a public proof-of-concept exploit is available.
Impact
Exploitation of this vulnerability causes a heap-based buffer overflow, where the application reads memory beyond the bounds of an allocated heap buffer. This type of overflow can lead to memory corruption, allowing arbitrary code execution, or cause the application to crash.
Reproduction
The vulnerability can be reproduced by building Mapnik with release optimization and AddressSanitizer enabled. After compiling the application, it can be run with a crafted Shapefile that triggers the buffer overflow. AddressSanitizer will report the heap-buffer-overflow error and abort the process (the SIGABRT noted above), indicating that the vulnerability has been successfully reproduced.
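As an added, defender-side illustration (this is not Mapnik's code nor the fix the project shipped, and the exact trigger in Mapnik is not described on this page), the C below parses DBF field descriptors and rejects a header whose fields would extend past the record length the header declares, the kind of consistency check that keeps a `string_value`-style field read inside the record buffer. The names `dbf_validate_fields`, `dbf_string_value` and `dbf_build_header` are hypothetical, and the assumption that a mismatch between declared record length and field lengths is the relevant inconsistency is mine.

```c
#include <stdint.h>
#include <string.h>
#define DBF_HDR_LEN   32   /* fixed dBase III file header */
#define DBF_FIELD_LEN 32   /* one field descriptor */
typedef struct { uint16_t offset; uint8_t length; char type; } dbf_field;
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Parse the field descriptors of a DBF header in buf[0..len) and reject any layout in which
 * a field's offset + length extends past the declared record length. Returns field count or -1. */
int dbf_validate_fields(const uint8_t *buf, size_t len, dbf_field *out, int max_fields)
{
    if (len < DBF_HDR_LEN) return -1;
    uint16_t header_len = le16(buf + 8), record_len = le16(buf + 10);
    if (header_len > len || record_len == 0) return -1;
    size_t pos = DBF_HDR_LEN, offset = 1;        /* byte 0 of each record is the deletion flag */
    int n = 0;
    while (pos < header_len && buf[pos] != 0x0D) {
        if (pos + DBF_FIELD_LEN > header_len || n >= max_fields) return -1;
        uint8_t flen = buf[pos + 16];            /* field length byte of the descriptor */
        if (offset + flen > record_len) return -1;  /* the check that prevents the over-read */
        out[n].offset = (uint16_t)offset; out[n].length = flen; out[n].type = (char)buf[pos + 11];
        offset += flen; n++; pos += DBF_FIELD_LEN;
    }
    return (pos < header_len && buf[pos] == 0x0D) ? n : -1;  /* 0x0D terminator is mandatory */
}

/* Copy one field of a record into dst as a NUL-terminated string. Bounds are re-checked here
 * so the function stays safe even on a record that nobody validated. Returns length or -1. */
int dbf_string_value(const uint8_t *record, size_t record_len,
                     const dbf_field *f, char *dst, size_t dst_len)
{
    if ((size_t)f->offset + f->length > record_len || (size_t)f->length + 1 > dst_len) return -1;
    memcpy(dst, record + f->offset, f->length);
    dst[f->length] = '\0';
    return f->length;
}

/* Constructed fixture (not real Mapnik data): a 65-byte header with one 'C' field, so that a
 * consistent declared record length can be compared with an inconsistent one. */
size_t dbf_build_header(uint8_t *buf, uint16_t record_len, uint8_t field_len)
{
    memset(buf, 0, 65);
    buf[0] = 0x03;                               /* dBase III, no memo file */
    buf[8] = 65;                                 /* header length = 32 + 32 + terminator */
    buf[10] = (uint8_t)(record_len & 0xFF); buf[11] = (uint8_t)(record_len >> 8);
    memcpy(buf + DBF_HDR_LEN, "NAME", 4);
    buf[DBF_HDR_LEN + 11] = 'C'; buf[DBF_HDR_LEN + 16] = field_len;
    buf[64] = 0x0D; return 65;
}
```

Running the validator on a header whose declared record length is 5 while its single field is 10 bytes long yields -1, whereas a declared length of 11 (flag byte plus the field) is accepted and the field is read within bounds.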