CVE-2022-0699: 
NixOS vulnerability analysis and mitigation

A double-free condition vulnerability (CVE-2022-0699) was identified in contrib/shpsort.c of shapelib version 1.5.0 and older releases. The vulnerability was discovered and reported on December 29, 2021, affecting the shapelib library, which is used for handling ESRI Shapefile format (GitHub Issue, CVE Mitre).

The vulnerability occurs when a buffer named 'copy' is freed twice in the split() function within shpsort.c. Specifically, the first free operation happens at line 107, and if realloc() fails on line 110, the same buffer is incorrectly freed again at line 116. This double-free condition represents a serious memory handling flaw that could potentially be exploited (GitHub Issue).

The double-free vulnerability could allow an attacker to gain control over the values returned from malloc(), which could lead to multiple security implications. These include the potential disclosure of sensitive data through bypassing additional safety features, and in worst-case scenarios, the possibility of hostile code execution. Additionally, attackers could cause denial of service conditions (CVE Mitre, GitHub Issue).

The vulnerability has been fixed by removing the redundant free() operation at line 116 in the contrib/shpsort.c file. Users are advised to upgrade to versions newer than 1.5.0, specifically version 1.6.1-1 or later, which contains the fix. For Debian systems, the fix is available in bookworm version 1.5.0-3 and sid/trixie version 1.6.1-1 (Debian Tracker, GitHub Commit).