CVE-2007-4629
published 2007-08-31CVE-2007-4629: Buffer overflow in the processLine function in maptemplate.c in MapServer before 4.10.3 allows attackers to cause a denial of service and possibly execute…
PriorityP430high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
3.49%
87.7th percentile
Buffer overflow in the processLine function in maptemplate.c in MapServer before 4.10.3 allows attackers to cause a denial of service and possibly execute arbitrary code via a mapfile with a long layer name, group name, or metadata entry name.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | mapserver | < mapserver 4.10.3-1 (bookworm) | mapserver 4.10.3-1 (bookworm) |
| osgeo | mapserver | >= 0 < 4.10.3-1 | 4.10.3-1 |
| osgeo | mapserver | >= 0 < 4.10.3-1 | 4.10.3-1 |
| osgeo | mapserver | >= 0 < 4.10.3-1 | 4.10.3-1 |
| osgeo | mapserver | >= 0 < 4.10.3-1 | 4.10.3-1 |
| university_of_minnesota | mapserver | <= 4.10.2 | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH
vendor_debian7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2007-4629: mapserver - Buffer overflow in the processLine function in maptemplate.c in MapServer before...
vendor_debian·2007·CVSS 7.5
CVE-2007-4629 [HIGH] CVE-2007-4629: mapserver - Buffer overflow in the processLine function in maptemplate.c in MapServer before...
Buffer overflow in the processLine function in maptemplate.c in MapServer before 4.10.3 allows attackers to cause a denial of service and possibly execute arbitrary code via a mapfile with a long layer name, group name, or metadata entry name.
Scope: local
bookworm: resolved (fixed in 4.10.3-1)
bullseye: resolved (fixed in 4.10.3-1)
forky: resolved (fixed in 4.10.3-1)
sid: resolved (fixed in 4.10.3-1)
trixie: resolved (fixed in 4.10.3-1)
GHSA
GHSA-c6g6-2mm5-xfwv: Buffer overflow in the processLine function in maptemplate
ghsa_unreviewed·2022-05-01
CVE-2007-4629 [HIGH] CWE-119 GHSA-c6g6-2mm5-xfwv: Buffer overflow in the processLine function in maptemplate
Buffer overflow in the processLine function in maptemplate.c in MapServer before 4.10.3 allows attackers to cause a denial of service and possibly execute arbitrary code via a mapfile with a long layer name, group name, or metadata entry name.
OSV
CVE-2007-4629: Buffer overflow in the processLine function in maptemplate
osv·2007-08-31·CVSS 7.5
CVE-2007-4629 [HIGH] CVE-2007-4629: Buffer overflow in the processLine function in maptemplate
Buffer overflow in the processLine function in maptemplate.c in MapServer before 4.10.3 allows attackers to cause a denial of service and possibly execute arbitrary code via a mapfile with a long layer name, group name, or metadata entry name.
No detection rules found.
No public exploits indexed.
http://mapserver.gis.umn.edu/download/current/HISTORY.TXT/http://secunia.com/advisories/26561http://secunia.com/advisories/26718http://secunia.com/advisories/29688http://securityreason.com/securityalert/3082http://trac.osgeo.org/mapserver/ticket/2252http://www.debian.org/security/2008/dsa-1539http://www.securityfocus.com/bid/25582http://www.vupen.com/english/advisories/2007/2974https://bugzilla.redhat.com/show_bug.cgi?id=272081https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00096.htmlhttp://mapserver.gis.umn.edu/download/current/HISTORY.TXT/http://secunia.com/advisories/26561http://secunia.com/advisories/26718http://secunia.com/advisories/29688http://securityreason.com/securityalert/3082http://trac.osgeo.org/mapserver/ticket/2252http://www.debian.org/security/2008/dsa-1539http://www.securityfocus.com/bid/25582http://www.vupen.com/english/advisories/2007/2974https://bugzilla.redhat.com/show_bug.cgi?id=272081https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00096.html
2007-08-31
Published