22 matches found
CVE-2009-0840
CVE-2009-0840 affects MapServer’s mapserv CGI: a heap-based buffer overflow can be triggered by a crafted Content-Length header, enabling remote code execution. Impacted are MapServer 4.x up to 4.10.4 and 5.x up to 5.2.2. Debian/OSS advisories note an incomplete fix also affecting CVE-2009-2281 a...
CVE-2010-2540
CVE-2010-2540 affects MapServer’s mapserv CGI interface. In MapServer versions prior to 4.10.6 and 5.x prior to 5.6.4, CGI arguments intended for debugging are not properly restricted, enabling remote attackers to craft arguments and trigger an unspecified impact. Fixed in MapServer 4.10.6 and 5....
CVE-2017-5522
MapServer is affected by a stack-based buffer overflow (CVE-2017-5522) that can be triggered via WFS get feature requests. The vulnerability affects MapServer releases prior to 6.0.6, 6.2.x prior to 6.2.4, 6.4.x prior to 6.4.5, and 7.0.x prior to 7.0.4. Exploitation is remote over the network and...
CVE-2009-0843
CVE-2009-0843 affects MapServer (MapServer 4.x before 4.10.4 and 5.x before 5.2.2). The vulnerability arises from missing input validation in the queryfile parameter of the mapserv/GET request, allowing remote attackers to infer the existence of arbitrary files via differing error messages. Debia...
CVE-2010-1678
Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 contain an input validation error in Mapfile parsing due to improper validation of symbol index values. This can lead to a segmentation fault/crash. A fix is available in 5.6.5-2 (and later); upgrading is recommended.
CVE-2009-0839
CVE-2009-0839 is a mapserver vulnerability affecting MapServer 4.x (pre-4.10.4) and 5.x (pre-5.2.2) where a stack-based buffer overflow can be triggered by a crafted id parameter in a query action when a map contains a long IMAGEPATH or NAME attribute. This leads to arbitrary code execution on th...
CVE-2009-0841
MapServer’s mapserv on Windows with Cygwin is vulnerable to directory traversal via a .. in the id parameter, allowing remote creation of arbitrary files. Affected: MapServer 4.x before 4.10.4 and 5.x before 5.2.2. Several advisories (e.g., Debian DSA-1914-1, Fedora advisories) indicate fixes in ...
CVE-2009-2281
MapServer is vulnerable to a heap-based buffer overflow in readPostBody of cgiutil.c. The issue affects MapServer 4.x up to 4.10.4 and 5.x up to 5.4.1 (before 5.4.2), due to an integer overflow that can be triggered by a crafted Content-Length header or a large HTTP request. This results in arbit...
CVE-2009-0842
MapServer is affected by CVE-2009-0842 due to a lack of file type verification when parsing a map file, which can disclose content from arbitrary files via error messages when a full path is provided in the map parameter. Impact is partial disclosure of file contents, as described in Debian secur...
CVE-2013-7262
The vulnerability CVE-2013-7262 affects MapServer (MapServer before 6.4.1) in the msPostGISLayerSetTimeFilter function (mappostgis.c). When using a WMS-Time service, a crafted PostGIS TIME filter can lead to remote SQL command execution, exposing SQL injection risk with partial confidentiality/in...
CVE-2011-2704
MapServer has a stack-based buffer overflow in its OGC filter encoding handling, affecting versions before 4.10.7 (and 5.x before 5.6.7). This allows remote code execution via OGC filter vectors. Remediation: upgrade to 4.10.7+ or 5.6.7+. The provided sources do not include explicit exploitation ...
CVE-2010-2539
CVE-2010-2539 concerns MapServer’s mapserv component. A buffer overflow in the msTmpFile function (maputil.c) allows local users to cause a denial of service via temporary-file name handling. Affected products are MapServer releases before 4.10.6 and 5.x before 5.6.4. The issue stems from overrun...
CVE-2011-2703
CVE-2011-2703 describes multiple SQL injection vulnerabilities in MapServer prior to 4.10.7, 5.x prior to 5.6.7, and 6.x prior to 6.0.1. Attack vectors relate to OGC filter encoding and WMS time support, enabling remote attackers to execute arbitrary SQL commands. Impact is partial confidentialit...
CVE-2021-32062
MapServer CGI vulnerability CVE-2021-32062 affects MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3. The issue is improper enforcement of MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that control where a mapfile may be loaded f...
CVE-2009-1176
MapServer's mapserv binary (MapServer 4.x before 4.10.4 and 5.x before 5.2.2) is affected by a vulnerability in the handling of the id parameter in query actions: the string holding the id parameter may not end with a null terminator, enabling a remote attacker to trigger a buffer overflow or rel...
CVE-2009-1177
CVE-2009-1177 affects MapServer’s mapserv, specifically MapServer 4.x before 4.10.4 and 5.x before 5.2.2. The flaw resides in maptemplate.c and is described as multiple stack-based buffer overflows, with unknown impact and remote attack vectors. The Red Hat CVE entry corroborates this description...
CVE-2026-33721
MapServer (CVE-2026-33721) has a heap-buffer-overflow in the SLD parser triggered by a crafted SLD containing more than 100 Threshold elements in a ColorMap/Categorize structure, exploitable by an unauthenticated remote attacker via WMS GetMap with SLD_BODY. Affects versions up to 4.2 prior to 8....
CVE-2011-2975
The CVE-2011-2975 entry concerns MapServer prior to 6.0.1, where a double free in mapsymbol.c:msAddImageSymbol can be triggered by crafted mapfile data, potentially causing a denial of service (application crash) and unspecified impact. The issue is rooted in a memory-management flaw in the funct...
CVE-2016-9839
CVE-2016-9839 affects MapServer versions prior to 7.0.3, where OGR driver error messages may leak sensitive information when data connections fail. The vulnerability arises from overly verbose error output. In published advisories, Fedora/OpenVAS entries describe a security fix and map the issue ...
CVE-2025-59431
MapServer prior to 8.4.1 is affected by a vulnerability in the XML Filter Query directive PropertyName that can be exploited via Boolean-based SQL injection by injecting double quote characters into PropertyName, enabling manipulation of backend database queries. The issue is fixed in MapServer 8...
CVE-2026-45104
MapServer CVE-2026-45104 describes a NULL pointer dereference in SLD parsing of rules when exposed via WMS SLD_BODY. From 6.4.0 through before 8.6.3, msSLDParseUserStyle calls _SLDApplyRuleValues(psRule, psLayer, 1) for any with , assuming one class was added. If the rule has no symbolizer (sti...
CVE-2026-42030
Technical details about CVE-2026-42030 are not publicly provided in the supplied documents. Monitor for updates from MapServer advisories and the CVE entry.