Known Vulnerabilities for products from Osgeo
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Osgeo".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33721 | MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-b... | Not Provided | 2026-03-27 | 2026-04-01 |
| CVE-2022-24847 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.2 - HIGH | 2022-04-13 | 2023-06-23 |
| CVE-2021-40822 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-05-02 | 2022-05-09 |
| CVE-2021-39371 | An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an attacker to view files on the application server files... | 7.5 - HIGH | 2021-08-23 | 2022-06-02 |
| CVE-2021-32062 | MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not... | 5.3 - MEDIUM | 2021-05-06 | 2023-11-07 |
| CVE-2021-28398 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.2 - HIGH | 2022-09-05 | 2022-10-01 |
| CVE-2019-25050 | netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_at... | 7.8 - HIGH | 2021-07-20 | 2021-07-29 |
| CVE-2019-17546 | tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that pote... | 8.8 - HIGH | 2019-10-14 | 2023-11-07 |
| CVE-2019-17545 | GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. | 9.8 - CRITICAL | 2019-10-14 | 2023-11-07 |
| CVE-2017-5522 | Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows ... | 9.8 - CRITICAL | 2017-03-15 | 2021-06-07 |
| CVE-2016-9839 | In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fa... | 7.5 - HIGH | 2016-12-08 | 2023-01-31 |
| CVE-2013-7262 | SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS... | 6.8 - MEDIUM | 2014-01-05 | 2021-06-07 |
| CVE-2011-2975 | Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer before 6.0.1 might allow remote attack... | 6.8 - MEDIUM | 2011-08-01 | 2021-06-07 |
| CVE-2011-2704 | Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before 5.6.7 allows remote attackers to execute arbitrary code... | 7.5 - HIGH | 2011-08-01 | 2021-06-07 |
| CVE-2011-2703 | Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attack... | 7.5 - HIGH | 2011-08-01 | 2021-06-07 |
| CVE-2010-2540 | mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 does not properly restrict the use of CGI command-line a... | 10 - HIGH | 2010-08-02 | 2021-06-07 |
| CVE-2010-2539 | Buffer overflow in the msTmpFile function in maputil.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 allows loca... | 2.1 - LOW | 2010-08-02 | 2021-06-07 |
| CVE-2010-1678 | Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing. | 7.5 - HIGH | 2019-10-29 | 2021-06-01 |
| CVE-2009-2281 | Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 an... | 10 - HIGH | 2009-10-23 | 2021-06-07 |
| CVE-2009-1177 | Multiple stack-based buffer overflows in maptemplate.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 have un... | 10 - HIGH | 2009-03-31 | 2021-06-07 |