UNKNOWN
CVE-2026-33721
MapServer has heap buffer overflow in SLD `Categorize` Threshold parsing
Platform
other
Component
mapserver
Fixed in
8.6.1
MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD (Styled Layer Descriptor) parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with more than 100 Threshold elements inside a ColorMap/Categorize structure (commonly reachable via WMS GetMap with SLD_BODY). Version 8.6.1 patches the issue.
How to fix
Upgrade MapServer to version 8.6.1 or later. This version fixes the buffer overflow vulnerability in Threshold parsing in SLD Categorize. Upgrading prevents remote, unauthenticated attackers from causing a denial of service by sending malicious SLDs.
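Until the upgrade is deployed, a front-end check can refuse requests whose SLD_BODY carries more than 100 Threshold elements in one Categorize. The following is an added example, not MapServer code and not part of the advisory; the function names, the sample SLD, and the `maps.example` URL are constructed for illustration, and it inspects only SLD_BODY passed in the query string.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, quote, urlsplit

MAX_THRESHOLDS = 100  # advisory: more than 100 Threshold elements overflows

# Constructed, benign sample: one Categorize with three Threshold elements.
SAMPLE_SLD = (
    '<StyledLayerDescriptor xmlns:se="http://www.opengis.net/se">'
    "<se:ColorMap><se:Categorize>"
    "<se:Value>#0000ff</se:Value><se:Threshold>10</se:Threshold>"
    "<se:Value>#00ff00</se:Value><se:Threshold>20</se:Threshold>"
    "<se:Value>#ffff00</se:Value><se:Threshold>30</se:Threshold>"
    "<se:Value>#ff0000</se:Value>"
    "</se:Categorize></se:ColorMap></StyledLayerDescriptor>"
)

def local(tag):
    """Strip the XML namespace and case so prefixed or odd-cased names match."""
    return tag.rsplit("}", 1)[-1].lower()

def max_thresholds(sld_xml):
    """Largest Threshold count found under any single Categorize element."""
    # Stdlib parser keeps this runnable; use a hardened XML parser in production.
    worst = 0
    for el in ET.fromstring(sld_xml).iter():
        if local(el.tag) == "categorize":
            n = sum(1 for d in el.iter() if local(d.tag) == "threshold")
            worst = max(worst, n)
    return worst

def check_getmap(url, limit=MAX_THRESHOLDS):
    """Return (allow, reason) for a request URL that may carry SLD_BODY."""
    query = parse_qs(urlsplit(url).query)
    bodies = [v for k, vals in query.items() if k.upper() == "SLD_BODY" for v in vals]
    for body in bodies:
        try:
            n = max_thresholds(body)
        except ET.ParseError:
            return False, "unparseable SLD_BODY"
        if n > limit:
            return False, f"{n} Threshold elements in one Categorize (limit {limit})"
    return True, "ok"

def sample_url(sld_xml):
    """Build a constructed GetMap URL (host and layer name are placeholders)."""
    return ("http://maps.example/wms?SERVICE=WMS&REQUEST=GetMap&LAYERS=demo"
            "&SLD_BODY=" + quote(sld_xml, safe=""))

if __name__ == "__main__":
    print(check_getmap(sample_url(SAMPLE_SLD)))
```

The count includes nested descendants and ignores element-name case, so it errs toward rejecting; it is a stopgap, and the fix remains upgrading to 8.6.1.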