Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2975

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2011-2975
Last Modified 05 Aug 2011 12:00:00
Published 01 Aug 2011 04:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-2975

Summary

Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer before 6.0.1 might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact via crafted mapfile data.

Vulnerable Systems

Application

  • Umn Mapserver 4.10

  • Umn Mapserver 4.10.0

  • Umn Mapserver 4.10.1

  • Umn Mapserver 4.10.2

  • Umn Mapserver 4.10.3

  • Umn Mapserver 4.10.4

  • Umn Mapserver 4.10.5

  • Umn Mapserver 4.10.7

  • Umn Mapserver 4.2

  • Umn Mapserver 4.4.0

  • Umn Mapserver 4.6.0

  • Umn Mapserver 4.8

  • Umn Mapserver 5.0.0

  • Umn Mapserver 5.2.0

  • Umn Mapserver 5.2.1

  • Umn Mapserver 5.2.2

  • Umn Mapserver 5.2.3

  • Umn Mapserver 5.4.0

  • Umn Mapserver 5.4.1

  • Umn Mapserver 5.4.2

  • Umn Mapserver 5.6.0

  • Umn Mapserver 5.6.1

  • Umn Mapserver 5.6.3

  • Umn Mapserver 5.6.4

  • Umn Mapserver 5.6.5

  • Umn Mapserver 5.6.6

  • Umn Mapserver 5.6.7

  • Umn Mapserver 6.0.0


References

CONFIRM - http://trac.osgeo.org/mapserver/ticket/3939

MLIST - [mapserver-users] 20110713 MapServer 6.0.1, 5.6.7 and 4.10.7 releases with security fixes


Last Updated: 27 May 2016 10:57:14