CyberSec.Space Logo
Back to CVE Browser

CVE-2009-0839

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0770%
EPSS Percentile37.08th
PublishedMar 31, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

Stack-based buffer overflow in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when the server has a map with a long IMAGEPATH or NAME attribute, allows remote attackers to execute arbitrary code via a crafted id parameter in a query action.

Affected Platforms (CPE)

πŸ“¦
Osgeo

Mapserver

= 4.2.0
πŸ“¦
Osgeo

Mapserver

= 4.4.0
πŸ“¦
Osgeo

Mapserver

= 4.4.0
πŸ“¦
Osgeo

Mapserver

= 4.4.0
πŸ“¦
Osgeo

Mapserver

= 4.4.0
πŸ“¦
Osgeo

Mapserver

= 4.6.0
πŸ“¦
Osgeo

Mapserver

= 4.6.0
πŸ“¦
Osgeo

Mapserver

= 4.6.0
πŸ“¦
Osgeo

Mapserver

= 4.6.0
πŸ“¦
Osgeo

Mapserver

= 4.6.0
πŸ“¦
Osgeo

Mapserver

= 4.8.0
πŸ“¦
Osgeo

Mapserver

= 4.8.0
πŸ“¦
Osgeo

Mapserver

= 4.8.0
πŸ“¦
Osgeo

Mapserver

= 4.8.0
πŸ“¦
Osgeo

Mapserver

= 4.8.0
πŸ“¦
Osgeo

Mapserver

= 4.10.0
πŸ“¦
Osgeo

Mapserver

= 4.10.0
πŸ“¦
Osgeo

Mapserver

= 4.10.0
πŸ“¦
Osgeo

Mapserver

= 4.10.0
πŸ“¦
Osgeo

Mapserver

= 4.10.0
πŸ“¦
Osgeo

Mapserver

= 4.10.1
πŸ“¦
Osgeo

Mapserver

= 4.10.2
πŸ“¦
Osgeo

Mapserver

= 4.10.3
πŸ“¦
Osgeo

Mapserver

= 5.0.0
πŸ“¦
Osgeo

Mapserver

= 5.0.0
πŸ“¦
Osgeo

Mapserver

= 5.0.0
πŸ“¦
Osgeo

Mapserver

= 5.0.0
πŸ“¦
Osgeo

Mapserver

= 5.0.0
πŸ“¦
Osgeo

Mapserver

= 5.0.0
πŸ“¦
Osgeo

Mapserver

= 5.0.0
πŸ“¦
Osgeo

Mapserver

= 5.0.0
πŸ“¦
Osgeo

Mapserver

= 5.0.0
πŸ“¦
Osgeo

Mapserver

= 5.2.0
πŸ“¦
Osgeo

Mapserver

= 5.2.0
πŸ“¦
Osgeo

Mapserver

= 5.2.0
πŸ“¦
Osgeo

Mapserver

= 5.2.0
πŸ“¦
Osgeo

Mapserver

= 5.2.0
πŸ“¦
Osgeo

Mapserver

= 5.2.0
πŸ“¦
Osgeo

Mapserver

= 5.2.1
πŸ“¦
Umn

Mapserver

= 4.0
πŸ“¦
Umn

Mapserver

= 4.0
πŸ“¦
Umn

Mapserver

= 4.0

References & Advisories

πŸ”— http://lists.osgeo.org/pipermail/mapserver-users/2009-March/060600.html
πŸ”— http://secunia.com/advisories/34520
πŸ”— http://secunia.com/advisories/34603
πŸ”— http://trac.osgeo.org/mapserver/ticket/2944
πŸ”— http://www.debian.org/security/2009/dsa-1914
πŸ”— http://www.positronsecurity.com/advisories/2009-000.html
πŸ”— http://www.securityfocus.com/archive/1/502271/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/34306

Related Vulnerabilities

CVE-2009-117610.0

mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 does not ensure that the string holding the id parameter ...

CVE-2009-084010.0

Heap-based buffer underflow in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2...

CVE-2009-084110.0

Directory traversal vulnerability in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when running on Win...

CVE-2009-117710.0

Multiple stack-based buffer overflows in maptemplate.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 have unknown...