CVE-2026-45104 in MapServerinformación

Resumen

por MITRE • 2026-05-27

MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls _SLDApplyRuleValues(psRule, psLayer, 1); for any carrying — it assumes msSLDParseRule added one class. When the rule has no symbolizer (a structurally valid SLD), msSLDParseRule adds zero, and _SLDApplyRuleValues ends up indexing _class[-1], resulting in a NULL pointer dereference. A 200-byte well-formed SLD via the WMS SLD_BODY= parameter is enough to trigger this, no auth required. This vulnerability is fixed in 8.6.3.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

GitHub M

Reservar

2026-05-08

Divulgación

2026-05-27

Moderación

aceptado

Artículo

VDB-366515

CPE

listo

CWE

CWE-129 (confirmado)

CVSS

7.5 (CNA)

EPSS

0.00053

KEV

Actividades

muy bajo

Fuentes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-45104
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-45104
CVE Details	https://www.cvedetails.com/cve/CVE-2026-45104/

◂ Anterior Visión De Conjunto Próximo ▸

Do you need the next level of professionalism?

Upgrade your account now!