Lucene search
K
OsgeoMapserver

22 matches found

CVE
CVE
added 2009/03/31 6:0 p.m.95 views

CVE-2009-0840

CVE-2009-0840 affects MapServer’s mapserv CGI: a heap-based buffer overflow can be triggered by a crafted Content-Length header, enabling remote code execution. Impacted are MapServer 4.x up to 4.10.4 and 5.x up to 5.2.2. Debian/OSS advisories note an incomplete fix also affecting CVE-2009-2281 a...

10CVSS6.5AI score0.05283EPSS
CVE
CVE
added 2010/08/02 9:0 p.m.84 views

CVE-2010-2540

CVE-2010-2540 affects MapServer’s mapserv CGI interface. In MapServer versions prior to 4.10.6 and 5.x prior to 5.6.4, CGI arguments intended for debugging are not properly restricted, enabling remote attackers to craft arguments and trigger an unspecified impact. Fixed in MapServer 4.10.6 and 5....

10CVSS6.6AI score0.03833EPSS
CVE
CVE
added 2017/03/15 4:0 p.m.83 views

CVE-2017-5522

MapServer is affected by a stack-based buffer overflow (CVE-2017-5522) that can be triggered via WFS get feature requests. The vulnerability affects MapServer releases prior to 6.0.6, 6.2.x prior to 6.2.4, 6.4.x prior to 6.4.5, and 7.0.x prior to 7.0.4. Exploitation is remote over the network and...

9.8CVSS9.6AI score0.04757EPSS
CVE
CVE
added 2009/03/31 6:0 p.m.82 views

CVE-2009-0843

CVE-2009-0843 affects MapServer (MapServer 4.x before 4.10.4 and 5.x before 5.2.2). The vulnerability arises from missing input validation in the queryfile parameter of the mapserv/GET request, allowing remote attackers to infer the existence of arbitrary files via differing error messages. Debia...

7.8CVSS6.4AI score0.0313EPSS
CVE
CVE
added 2019/10/29 8:4 p.m.81 views

CVE-2010-1678

Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 contain an input validation error in Mapfile parsing due to improper validation of symbol index values. This can lead to a segmentation fault/crash. A fix is available in 5.6.5-2 (and later); upgrading is recommended.

7.5CVSS7.5AI score0.0217EPSS
CVE
CVE
added 2009/03/31 6:0 p.m.78 views

CVE-2009-0839

CVE-2009-0839 is a mapserver vulnerability affecting MapServer 4.x (pre-4.10.4) and 5.x (pre-5.2.2) where a stack-based buffer overflow can be triggered by a crafted id parameter in a query action when a map contains a long IMAGEPATH or NAME attribute. This leads to arbitrary code execution on th...

10CVSS7.8AI score0.09011EPSS
CVE
CVE
added 2009/03/31 6:0 p.m.76 views

CVE-2009-0841

MapServer’s mapserv on Windows with Cygwin is vulnerable to directory traversal via a .. in the id parameter, allowing remote creation of arbitrary files. Affected: MapServer 4.x before 4.10.4 and 5.x before 5.2.2. Several advisories (e.g., Debian DSA-1914-1, Fedora advisories) indicate fixes in ...

10CVSS6.5AI score0.05276EPSS
CVE
CVE
added 2009/10/23 6:0 p.m.75 views

CVE-2009-2281

MapServer is vulnerable to a heap-based buffer overflow in readPostBody of cgiutil.c. The issue affects MapServer 4.x up to 4.10.4 and 5.x up to 5.4.1 (before 5.4.2), due to an integer overflow that can be triggered by a crafted Content-Length header or a large HTTP request. This results in arbit...

10CVSS7.8AI score0.05949EPSS
CVE
CVE
added 2009/03/31 6:0 p.m.71 views

CVE-2009-0842

MapServer is affected by CVE-2009-0842 due to a lack of file type verification when parsing a map file, which can disclose content from arbitrary files via error messages when a full path is provided in the map parameter. Impact is partial disclosure of file contents, as described in Debian secur...

4.3CVSS6.2AI score0.02649EPSS
CVE
CVE
added 2014/01/05 8:0 p.m.70 views

CVE-2013-7262

The vulnerability CVE-2013-7262 affects MapServer (MapServer before 6.4.1) in the msPostGISLayerSetTimeFilter function (mappostgis.c). When using a WMS-Time service, a crafted PostGIS TIME filter can lead to remote SQL command execution, exposing SQL injection risk with partial confidentiality/in...

6.8CVSS8.2AI score0.0222EPSS
CVE
CVE
added 2011/08/01 7:0 p.m.68 views

CVE-2011-2704

MapServer has a stack-based buffer overflow in its OGC filter encoding handling, affecting versions before 4.10.7 (and 5.x before 5.6.7). This allows remote code execution via OGC filter vectors. Remediation: upgrade to 4.10.7+ or 5.6.7+. The provided sources do not include explicit exploitation ...

7.5CVSS8AI score0.0522EPSS
CVE
CVE
added 2010/08/02 9:0 p.m.66 views

CVE-2010-2539

CVE-2010-2539 concerns MapServer’s mapserv component. A buffer overflow in the msTmpFile function (maputil.c) allows local users to cause a denial of service via temporary-file name handling. Affected products are MapServer releases before 4.10.6 and 5.x before 5.6.4. The issue stems from overrun...

2.1CVSS6.1AI score0.00323EPSS
CVE
CVE
added 2011/08/01 7:0 p.m.66 views

CVE-2011-2703

CVE-2011-2703 describes multiple SQL injection vulnerabilities in MapServer prior to 4.10.7, 5.x prior to 5.6.7, and 6.x prior to 6.0.1. Attack vectors relate to OGC filter encoding and WMS time support, enabling remote attackers to execute arbitrary SQL commands. Impact is partial confidentialit...

7.5CVSS8.4AI score0.02734EPSS
CVE
CVE
added 2021/05/05 6:39 p.m.65 views

CVE-2021-32062

MapServer CGI vulnerability CVE-2021-32062 affects MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3. The issue is improper enforcement of MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that control where a mapfile may be loaded f...

5.3CVSS5.1AI score0.01478EPSS
CVE
CVE
added 2009/03/31 6:0 p.m.64 views

CVE-2009-1176

MapServer's mapserv binary (MapServer 4.x before 4.10.4 and 5.x before 5.2.2) is affected by a vulnerability in the handling of the id parameter in query actions: the string holding the id parameter may not end with a null terminator, enabling a remote attacker to trigger a buffer overflow or rel...

10CVSS6.8AI score0.04086EPSS
CVE
CVE
added 2009/03/31 6:0 p.m.60 views

CVE-2009-1177

CVE-2009-1177 affects MapServer’s mapserv, specifically MapServer 4.x before 4.10.4 and 5.x before 5.2.2. The flaw resides in maptemplate.c and is described as multiple stack-based buffer overflows, with unknown impact and remote attack vectors. The Red Hat CVE entry corroborates this description...

10CVSS6.6AI score0.02866EPSS
CVE
CVE
added 2026/03/27 12:15 a.m.59 views

CVE-2026-33721

MapServer (CVE-2026-33721) has a heap-buffer-overflow in the SLD parser triggered by a crafted SLD containing more than 100 Threshold elements in a ColorMap/Categorize structure, exploitable by an unauthenticated remote attacker via WMS GetMap with SLD_BODY. Affects versions up to 4.2 prior to 8....

7.5CVSS5.8AI score0.00865EPSS
CVE
CVE
added 2011/08/01 8:0 p.m.51 views

CVE-2011-2975

The CVE-2011-2975 entry concerns MapServer prior to 6.0.1, where a double free in mapsymbol.c:msAddImageSymbol can be triggered by crafted mapfile data, potentially causing a denial of service (application crash) and unspecified impact. The issue is rooted in a memory-management flaw in the funct...

6.8CVSS7.3AI score0.04603EPSS
CVE
CVE
added 2016/12/08 8:8 a.m.51 views

CVE-2016-9839

CVE-2016-9839 affects MapServer versions prior to 7.0.3, where OGR driver error messages may leak sensitive information when data connections fail. The vulnerability arises from overly verbose error output. In published advisories, Fedora/OpenVAS entries describe a security fix and map the issue ...

7.5CVSS7.2AI score0.01501EPSS
CVE
CVE
added 2025/09/19 7:29 p.m.42 views

CVE-2025-59431

MapServer prior to 8.4.1 is affected by a vulnerability in the XML Filter Query directive PropertyName that can be exploited via Boolean-based SQL injection by injecting double quote characters into PropertyName, enabling manipulation of backend database queries. The issue is fixed in MapServer 8...

9.8CVSS7.1AI score0.00391EPSS
CVE
CVE
added 2026/05/27 6:41 p.m.28 views

CVE-2026-45104

MapServer CVE-2026-45104 describes a NULL pointer dereference in SLD parsing of rules when exposed via WMS SLD_BODY. From 6.4.0 through before 8.6.3, msSLDParseUserStyle calls _SLDApplyRuleValues(psRule, psLayer, 1) for any with , assuming one class was added. If the rule has no symbolizer (sti...

7.5CVSS5.8AI score0.0032EPSS
CVE
CVE
added 2026/05/08 3:56 p.m.16 views

CVE-2026-42030

Technical details about CVE-2026-42030 are not publicly provided in the supplied documents. Monitor for updates from MapServer advisories and the CVE entry.

6.1CVSS5.9AI score0.00247EPSS