OPENSUSE-SU-2026:20857-1 Security update for mapserver

This update for mapserver fixes the following issues: Changes in mapserver: - Update to releasee 8.6.3 SLD parser: fix out of bounds access on SLD with only a Rule with a ElseFilter but without a symbolizer CVE-2026-33721, boo1260869 CVE-2026-45104, boo1266663...

DEBIAN-CVE-2026-45104

MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls SLDApplyRuleValuespsRule, psLayer, 1; for any carrying — it assumes msSLDParseRule added one class. When the rule has no symbolizer a structurally valid SLD, msSLDParseRul...

EUVD-2026-32631

MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls SLDApplyRuleValuespsRule, psLayer, 1; for any carrying — it assumes msSLDParseRule added one class. When the rule has no symbolizer a structurally valid SLD, msSLDParseRul...

CVE-2026-45104

MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls SLDApplyRuleValuespsRule, psLayer, 1; for any carrying — it assumes msSLDParseRule added one class. When the rule has no symbolizer a structurally valid SLD, msSLDParseRul...

Heap buffer overflow in vim_strncpy find_word

✍️ Description When fuzzing vim commit fc78a0369 works with latest build and latest commit 202b4bd3a per this time of this report with clang 13 and ASan, I discovered a buffer overflow. Proof of Concept Here is the poc bash...

Heap-based Buffer Overflow in gpac/gpac

Description When fuzzing gpac with clang 10 I found a heap overflow. Proof of Concept pocgffprintf Crash stack trace aldo@vps:/gpac/bin/gcc$ ASANOPTIONS=symbolize=1 ASANSYMBOLIZERPATH=/usr/bin/llvm-symbolizer ./MP4Box -disox -ttxt -2 -dump-chap-ogg -dump-cover -drtp -bt -out /dev/null...

WebKit WebCore::InlineTextBox::paint Out-Of-Bounds Read

WebKit: Out-of-bounds read in WebCore::InlineTextBox::paint CVE-2018-4328 There is a out-of-bounds read security vulnerability in WebKit. The vulnerability was confirmed on the ASan build of WebKit revision 233419 on OSX. The vulnerability has also been confirmed on Safari 11.1.1 sources grabbed...

WebKit - 'WebCore::PositionIterator::decrement' Use-After-Free

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1346 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC: ================================================================= / function jsfuzzer...

WebKit WebCore::RenderText::localCaretRect Out-Of-Bounds Read

WebKit: out-of-bounds read in WebCore::RenderText::localCaretRect CVE-2017-13785 There is an out-of-bounds read security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC: ================================================================= max-height: 0;...

WebKit - WebCore::InputType::element Use-After-Free Exploit

Exploit for multiple platform in category dos / poc var runcount = 0; function go runcount++; ifruncount 2 return; i.type = "foo"; i.select; i.type = "search"; document.onsearch = document.body.onload; document.execCommand"insertHTML", false, ""; !--...

shopify-scripts: SIGSEGV in str_buf_cat

PoC ------------------- Attached as teststrbufcat.rb Debug - mirb ------------------- Program received signal SIGSEGV, Segmentation fault. memcpysse2unaligned at ../sysdeps/x8664/multiarch/memcpy-sse2-unaligned.S:36 36 ../sysdeps/x8664/multiarch/memcpy-sse2-unaligned.S: No such file or directory...