Published: 01/08/2011 Updated: 07/06/2021

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer prior to 6.0.1 might allow remote malicious users to cause a denial of service (application crash) or have unspecified other impact via crafted mapfile data.

Vulnerable Product	Search on Vulmon	Subscribe to Product
osgeo mapserver 5.0.0
osgeo mapserver 5.2.0
osgeo mapserver 5.2.1
osgeo mapserver 4.10.0
osgeo mapserver 5.4.0
osgeo mapserver 4.10.2
osgeo mapserver 4.10.3
osgeo mapserver 4.8.0
osgeo mapserver 5.6.0
osgeo mapserver 4.2.0
umn mapserver 5.6.4
umn mapserver 5.6.5
umn mapserver 5.6.6
osgeo mapserver
osgeo mapserver 5.4.1
osgeo mapserver 4.4.0
osgeo mapserver 4.6.0
umn mapserver 6.0.0
osgeo mapserver 5.4.2
osgeo mapserver 5.6.3
umn mapserver 5.2.2
umn mapserver 5.6.7
osgeo mapserver 4.10.4
osgeo mapserver 4.10.1
osgeo mapserver 5.6.1
osgeo mapserver 4.10.5
umn mapserver 4.10.7
umn mapserver 5.2.3

source: wwwsecurityfocuscom/bid/49374/info MapServer is prone to a remote denial-of-service vulnerability due to a double free condition Attackers can exploit this issue to crash the application, denying service to legitimate users Due to the nature of this issue, code execution may be possible; however, this has not been confirmed V ...

CWE-399 http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html http://trac.osgeo.org/mapserver/ticket/3939 https://nvd.nist.gov https://www.exploit-db.com/exploits/36092/

CVE-2011-2975

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect