CVE-2010-1678Improper Input Validation in Mapserver

CWE-20Improper Input Validation4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.7%
top 28.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Osgeo MapserverDebian Mapserver
Timeline
PublishedOct 29
Latest updateApr 21

Description

Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDosgeo/mapserver5.6.05.6.5.-2+2
debiandebian/mapserver< mapserver 5.6.5-2 (bookworm)
Debianosgeo/mapserver< 5.6.5-2+3

🔴Vulnerability Details

2
GHSA
GHSA-99cx-r2ph-pwp8: Mapserver 52022-04-21
OSV
CVE-2010-1678: Mapserver 52019-10-29

📋Vendor Advisories

1
Debian
CVE-2010-1678: mapserver - Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index valu...2010
CVE-2010-1678 — Improper Input Validation in Mapserver | cvebase