CVE-2011-2975

MapServer < 6.0.1 - Use-After-Free in msAddImageSymbol

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-2975. PoCs published by rouault.

AI-analyzed exploit summary This exploit generates a malicious .mxc file that triggers a double-free vulnerability in MapServer versions prior to 6.0.1, leading to a denial-of-service (DoS) condition. The PoC creates a file with a repeated hex pattern to exploit the vulnerability.

Description

Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer before 6.0.1 might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact via crafted mapfile data.

Exploits (1)

exploitdb WORKING POC VERIFIED
by rouault · perldoswindows
https://www.exploit-db.com/exploits/36092

This exploit generates a malicious .mxc file that triggers a double-free vulnerability in MapServer versions prior to 6.0.1, leading to a denial-of-service (DoS) condition. The PoC creates a file with a repeated hex pattern to exploit the vulnerability.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: MapServer < 6.0.1
No auth needed
Prerequisites: Ability to deliver a malicious .mxc file to the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References

Scores

EPSS 0.0246
EPSS Percentile 85.6%

Details

CWE
CWE-399
Status published
Products (16)
osgeo/mapserver 4.2.0 beta1
osgeo/mapserver 4.4.0 (4 CPE variants)
osgeo/mapserver 4.6.0 (5 CPE variants)
osgeo/mapserver 4.8.0 beta1 (5 CPE variants)
osgeo/mapserver 4.10.0 (5 CPE variants)
osgeo/mapserver 4.10.1
osgeo/mapserver 4.10.2
osgeo/mapserver 4.10.3
osgeo/mapserver 4.10.4
osgeo/mapserver 4.10.5
... and 6 more
Published Aug 01, 2011
Tracked Since Feb 18, 2026