CVE-2026-33721

Medium CVSS: 5.3

MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD (Styled Layer Descriptor) parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with more than 100 Threshold elements inside a ColorMap/Categorize structure (commonly reachable via WMS GetMap with SLD_BODY). Version 8.6.1 patches the issue.

Vendor

Osgeo

Product

Mapserver

CWE

CWE-787

Yayın Tarihi

2026-03-27 01:16:19

Güncelleme

2026-04-01 15:58:41

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-787 Mapserver MEDIUM Osgeo 2026

Referanslar

https://github.com/MapServer/MapServer/releases/tag/rel-8-6-1 https://github.com/MapServer/MapServer/security/advisories/GHSA-cv4m-mr84-fgjp

Benzer Kayıtlar

High

CVE-2022-50899

Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to re…

High

CVE-2025-59431

MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive Property…

High

CVE-2025-30145

GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be…

Medium

CVE-2024-40625

GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage rest api /workspace…

Medium

CVE-2025-27505

GeoServer is an open source server that allows users to share and edit geospatial data. It is possible to bypass the def…

High

CVE-2024-29198

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It poss…