CVE-2011-2704
MapServer < 4.10.7 and 5.x < 5.6.7 - Remote Code Execution via OGC Filter Encoding
Title source: llmDescription
Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before 5.6.7 allows remote attackers to execute arbitrary code via vectors related to OGC filter encoding.
References (10)
Core 10
Core References
Patch x_refsource_confirm
http://trac.osgeo.org/mapserver/ticket/3903
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/68719
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/45257
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2011/dsa-2285
Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=723293
Patch mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/07/19/14
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/45368
Patch mailing-list
x_refsource_mlist
http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/48720
Patch mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/07/20/15
Scores
EPSS
0.0522
EPSS Percentile
91.5%
Details
CWE
CWE-119
Status
published
Products (16)
osgeo/mapserver
4.2.0 beta1
osgeo/mapserver
4.4.0 (4 CPE variants)
osgeo/mapserver
4.6.0 (5 CPE variants)
osgeo/mapserver
4.8.0 beta1 (5 CPE variants)
osgeo/mapserver
4.10.0 (5 CPE variants)
osgeo/mapserver
4.10.1
osgeo/mapserver
4.10.2
osgeo/mapserver
4.10.3
osgeo/mapserver
4.10.4
osgeo/mapserver
4.10.5
... and 6 more
Published
Aug 01, 2011
Tracked Since
Feb 18, 2026