CVE-2011-2975

Osgeo Mapserver < 6.0.0 - Resource Management Error

Title source: rule

Description

Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer before 6.0.1 might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact via crafted mapfile data.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rouault · perldoswindows

https://www.exploit-db.com/exploits/36092

View Code ZIP pw:eip

References (2)

[Patch] http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html

[Patch] http://trac.osgeo.org/mapserver/ticket/3939

Scores

EPSS 0.0246

EPSS Percentile 85.3%

Details

CWE

CWE-399

Status published

Products (16)

osgeo/mapserver 4.2.0 beta1

osgeo/mapserver 4.4.0 (4 CPE variants)

osgeo/mapserver 4.6.0 (5 CPE variants)

osgeo/mapserver 4.8.0 beta1 (5 CPE variants)

osgeo/mapserver 4.10.0 (5 CPE variants)

osgeo/mapserver 4.10.1

osgeo/mapserver 4.10.2

osgeo/mapserver 4.10.3

osgeo/mapserver 4.10.4

osgeo/mapserver 4.10.5

... and 6 more

Published Aug 01, 2011

Tracked Since Feb 18, 2026