CVE-2011-2975

Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer before 6.0.1 might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact via crafted mapfile data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
VendorProductVersion
osgeomapserver
𝑥
≤ 6.0.0
osgeomapserver
4.2.0:beta1
osgeomapserver
4.4.0
osgeomapserver
4.4.0:beta1
osgeomapserver
4.4.0:beta2
osgeomapserver
4.4.0:beta3
osgeomapserver
4.6.0
osgeomapserver
4.6.0:beta1
osgeomapserver
4.6.0:beta2
osgeomapserver
4.6.0:beta3
osgeomapserver
4.6.0:rc1
osgeomapserver
4.8.0:beta1
osgeomapserver
4.8.0:beta2
osgeomapserver
4.8.0:beta3
osgeomapserver
4.8.0:rc1
osgeomapserver
4.8.0:rc2
osgeomapserver
4.10.0
osgeomapserver
4.10.0:beta1
osgeomapserver
4.10.0:beta2
osgeomapserver
4.10.0:beta3
osgeomapserver
4.10.0:rc1
osgeomapserver
4.10.1
osgeomapserver
4.10.2
osgeomapserver
4.10.3
osgeomapserver
4.10.4
osgeomapserver
4.10.5
osgeomapserver
5.0.0
osgeomapserver
5.0.0:beta1
osgeomapserver
5.0.0:beta2
osgeomapserver
5.0.0:beta3
osgeomapserver
5.0.0:beta4
osgeomapserver
5.0.0:beta5
osgeomapserver
5.0.0:beta6
osgeomapserver
5.0.0:rc1
osgeomapserver
5.0.0:rc2
osgeomapserver
5.2.0
osgeomapserver
5.2.0:beta1
osgeomapserver
5.2.0:beta2
osgeomapserver
5.2.0:beta3
osgeomapserver
5.2.0:beta4
osgeomapserver
5.2.0:rc1
osgeomapserver
5.2.1
osgeomapserver
5.4.0
osgeomapserver
5.4.0:beta1
osgeomapserver
5.4.0:beta2
osgeomapserver
5.4.0:beta3
osgeomapserver
5.4.0:beta4
osgeomapserver
5.4.0:rc1
osgeomapserver
5.4.0:rc2
osgeomapserver
5.4.1
osgeomapserver
5.4.2
osgeomapserver
5.6.0
osgeomapserver
5.6.1
osgeomapserver
5.6.3
umnmapserver
4.10.7
umnmapserver
5.2.2
umnmapserver
5.2.3
umnmapserver
5.6.4
umnmapserver
5.6.5
umnmapserver
5.6.6
umnmapserver
5.6.7
umnmapserver
6.0.0:beta1
umnmapserver
6.0.0:beta2
umnmapserver
6.0.0:beta3
umnmapserver
6.0.0:beta4
umnmapserver
6.0.0:beta5
umnmapserver
6.0.0:beta6
umnmapserver
6.0.0:beta7
umnmapserver
6.0.0:rc1
umnmapserver
6.0.0:rc2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
mapserver
bullseye
7.6.2-1
fixed
lenny
not-affected
squeeze
not-affected
bookworm
8.0.0-3
fixed
sid
8.2.2-1
fixed
trixie
8.2.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mapserver
natty
not-affected
maverick
not-affected
lucid
not-affected
hardy
ignored
Common Weakness Enumeration
References
http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html
http://trac.osgeo.org/mapserver/ticket/3939
http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html
http://trac.osgeo.org/mapserver/ticket/3939