Osgeo Mapserver

10 CVEs affecting Osgeo Mapserver. Latest disclosed: 2026-05-27. Critical: 1, High: 2.

Top CVEs affecting Osgeo Mapserver
CVESeverityScorePublishedSummary
CVE-2017-5522Critical9.82017-03-15Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial…
CVE-2026-45104High7.52026-05-27MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls _SLDApplyRuleValues(psRule, psLay…
CVE-2016-9839High7.52016-12-08In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails.
CVE-2026-42030Medium6.12026-05-08MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS ser…
CVE-2013-72622014-01-05SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remo…
CVE-2011-29752011-08-01Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer before 6.0.1 might allow remote attackers to cause a denial of service (…
CVE-2011-27042011-08-01Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before 5.6.7 allows remote attackers to execute arbitrary code via vectors related to OGC filter…
CVE-2011-27032011-08-01Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL comma…
CVE-2010-25402010-08-02mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 does not properly restrict the use of CGI command-line arguments that were intended for de…
CVE-2010-25392010-08-02Buffer overflow in the msTmpFile function in maputil.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 allows local users to cause a denial of servi…