Vulnerabilities > Osgeo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-20 | CVE-2019-25050 | Out-of-bounds Write vulnerability in Osgeo Gdal netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and netCDFDataset::~netCDFDataset). | 4.6 |
| 2021-05-06 | CVE-2021-32062 | Path Traversal vulnerability in multiple products MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that are intended to control the locations from which a mapfile may be loaded (with MapServer CGI). | 5.3 |
| 2019-10-29 | CVE-2010-1678 | Improper Input Validation vulnerability in Osgeo Mapserver Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing. | 5.0 |
| 2019-10-14 | CVE-2019-17546 | Integer Overflow or Wraparound vulnerability in multiple products tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition. | 8.8 |
| 2019-10-14 | CVE-2019-17545 | Double Free vulnerability in multiple products GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. | 9.8 |
| 2017-03-15 | CVE-2017-5522 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature requests. | 7.5 |
| 2016-12-08 | CVE-2016-9839 | Information Exposure vulnerability in Osgeo Mapserver In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails. | 7.5 |
| 2014-01-05 | CVE-2013-7262 | SQL Injection vulnerability in multiple products SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter. | 6.8 |
| 2011-08-01 | CVE-2011-2975 | Resource Management Errors vulnerability in multiple products Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer before 6.0.1 might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact via crafted mapfile data. | 6.8 |
| 2011-08-01 | CVE-2011-2704 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before 5.6.7 allows remote attackers to execute arbitrary code via vectors related to OGC filter encoding. | 7.5 |