Known Vulnerabilities for Mapserver by Osgeo
Listed below are 10 of the newest known vulnerabilities associated with "Mapserver" by "Osgeo".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33721 | MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-b... | Not Provided | 2026-03-27 | 2026-03-30 |
| CVE-2021-32062 | MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not... | 5.3 - MEDIUM | 2021-05-06 | 2023-11-07 |
| CVE-2017-5522 | Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows ... | 9.8 - CRITICAL | 2017-03-15 | 2021-06-07 |
| CVE-2016-9839 | In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fa... | 7.5 - HIGH | 2016-12-08 | 2023-01-31 |
| CVE-2013-7262 | SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS... | 6.8 - MEDIUM | 2014-01-05 | 2021-06-07 |
| CVE-2011-2975 | Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer before 6.0.1 might allow remote attack... | 6.8 - MEDIUM | 2011-08-01 | 2021-06-07 |
| CVE-2011-2704 | Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before 5.6.7 allows remote attackers to execute arbitrary code... | 7.5 - HIGH | 2011-08-01 | 2021-06-07 |
| CVE-2011-2703 | Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attack... | 7.5 - HIGH | 2011-08-01 | 2021-06-07 |
| CVE-2010-2539 | Buffer overflow in the msTmpFile function in maputil.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 allows loca... | 2.1 - LOW | 2010-08-02 | 2021-06-07 |
| CVE-2010-1678 | Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing. | 7.5 - HIGH | 2019-10-29 | 2021-06-01 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Osgeo | Mapserver | 5.6.9 | All | All | All |
| Application | Osgeo | Mapserver | 5.6.8 | All | All | All |
| Application | Osgeo | Mapserver | 5.6.7 | All | All | All |
| Application | Osgeo | Mapserver | 5.6.6 | All | All | All |
| Application | Osgeo | Mapserver | 5.6.5 | All | All | All |
| Application | Osgeo | Mapserver | 5.6.4 | All | All | All |
| Application | Osgeo | Mapserver | 5.6.3 | All | All | All |
| Application | Osgeo | Mapserver | 5.6.2 | All | All | All |
| Application | Osgeo | Mapserver | 5.6.1 | All | All | All |
| Application | Osgeo | Mapserver | 5.6.0 | rc1 | All | All |
| Application | Osgeo | Mapserver | 5.6.0 | beta5 | All | All |
| Application | Osgeo | Mapserver | 5.6.0 | beta4 | All | All |
| Application | Osgeo | Mapserver | 5.6.0 | beta3 | All | All |
| Application | Osgeo | Mapserver | 5.6.0 | beta2 | All | All |
| Application | Osgeo | Mapserver | 5.6.0 | beta1 | All | All |
| Application | Osgeo | Mapserver | 5.6.0 | All | All | All |
| Application | Osgeo | Mapserver | 5.4 | All | All | All |
| Application | Osgeo | Mapserver | 5.2 | All | All | All |