Mapnik Divide-By-Zero Vulnerability in Modulo Operation
Vulnerability
A denial-of-service vulnerability has been identified in Mapnik versions through 4.2.0. The issue arises in the 'mapnik::detail::mod<...>::operator' function within 'src/value.cpp', where a divide-by-zero error occurs. This vulnerability is triggered locally when the expression evaluator processes a modulo operation with a zero divisor, leading to a floating-point exception (SIGFPE) and causing the application to crash. The problem has been publicly disclosed, and an exploit is available.
Impact
Exploitation of this vulnerability causes a crash due to a floating-point exception, terminating the process.
Reproduction
The vulnerability can be reproduced by building Mapnik with release optimizations and AddressSanitizer enabled. After compiling a harness application with AddressSanitizer, this application can be run with a crafted Mapnik XML file that triggers the divide-by-zero condition in the modulo operation. The AddressSanitizer will report the floating-point exception error, indicating that the vulnerability has been successfully exploited.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.