Vulnerability in Osgeo Mapserver

CVE-2011-2975

Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer before 6.0.1 might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact via crafted mapfile data.

EPSS: 0.025 (85.5th percentile) — read the EPSS interpretation.

Affected products

Osgeo Mapserver — versions 4.2.0, 4.4.0, 4.6.0
Umn Mapserver — versions 4.10.7, 5.2.2, 5.2.3
N/a — versions n/a

Weakness classification (CWE)

CWE-399

References

cve@mitre.org (x_refsource_CONFIRM, Patch)
[mapserver-users] 20110713 MapServer 6.0.1, 5.6.7 and 4.10.7 releases with security fixes (mailing-list, x_refsource_MLIST, Patch)