CVE-2007-4629

Published: Aug 31, 2007Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Buffer overflow in the processLine function in maptemplate.c in MapServer before 4.10.3 allows attackers to cause a denial of service and possibly execute arbitrary code via a mapfile with a long layer name, group name, or metadata entry name.

Affected (1)

Products: University Of Minnesota: Mapserver

University Of Minnesota

1 product

Mapserver

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
University Of Minnesota Mapserver	Up to 4.10.2

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (22)

http://mapserver.gis.umn.edu/download/current/HISTORY.TXT/

Source: cve@mitre.org

Patch

http://secunia.com/advisories/26561

Source: cve@mitre.org

http://secunia.com/advisories/26718

Source: cve@mitre.org

http://secunia.com/advisories/29688

Source: cve@mitre.org

http://securityreason.com/securityalert/3082

Source: cve@mitre.org

http://trac.osgeo.org/mapserver/ticket/2252

Source: cve@mitre.org

http://www.debian.org/security/2008/dsa-1539

Source: cve@mitre.org

http://www.securityfocus.com/bid/25582

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/2974

Source: cve@mitre.org

https://bugzilla.redhat.com/show_bug.cgi?id=272081

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00096.html

Source: cve@mitre.org

http://mapserver.gis.umn.edu/download/current/HISTORY.TXT/