VYPR
Vendor

Osgeo

Products
5
CVEs
36
Across products
36
Status
Private

Products

5

Recent CVEs

36
View all 36 CVEs →
  • CVE-2017-5522CriMar 15, 2017
    risk 0.64cvss 9.8epss 0.05

    Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature requests.

  • CVE-2026-30479CriApr 9, 2026
    risk 0.59cvss 9.1epss 0.00

    A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary code via a crafted executable.

  • CVE-2026-30478HigApr 9, 2026
    risk 0.57cvss 8.8epss 0.00

    A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer for Windows version 5 allows attackers to escalate privileges via a crafted executable.

  • CVE-2016-9839HigDec 8, 2016
    risk 0.49cvss 7.5epss 0.01

    In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails.

  • CVE-2026-49014HigMay 27, 2026
    risk 0.48cvss 7.4epss 0.00

    In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an…

  • CVE-2026-42030MedMay 8, 2026
    risk 0.40cvss 6.1epss 0.00

    MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a…

  • CVE-2025-50690MedAug 13, 2025
    risk 0.40cvss 6.1epss 0.00

    A Cross-Site Scripting (XSS) vulnerability exists in SpatialReference.org (OSGeo/spatialreference.org) versions prior to 2025-05-17 (commit 2120adfa17ddd535bd0f539e6c4988fa3a2cb491). The vulnerability is caused by improper handling of user input in the search query parameter. An…

  • CVE-2026-8213MedMay 9, 2026
    risk 0.27cvss 5.3epss 0.00

    A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached…

  • CVE-2026-8212MedMay 9, 2026
    risk 0.27cvss 5.3epss 0.00

    A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been…

  • CVE-2026-8087MedMay 7, 2026
    risk 0.27cvss 5.3epss 0.00

    A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer overflow. The attack must be initiated from a…

  • CVE-2026-8086MedMay 7, 2026
    risk 0.27cvss 5.3epss 0.00

    A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName leads to heap-based buffer overflow. The attack must be carried out locally. The…

  • CVE-2026-33721MedMar 27, 2026
    risk 0.27cvss 5.3epss 0.01

    MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD (Styled Layer Descriptor) parser lets a remote, unauthenticated attacker crash the MapServer process by sending…

  • CVE-2026-8088LowMay 7, 2026
    risk 0.14cvss 3.3epss 0.00

    A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been made…

  • CVE-2026-8084LowMay 7, 2026
    risk 0.14cvss 3.3epss 0.00

    A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes out-of-bounds read. The attack is restricted to local…

  • CVE-2011-2975Aug 1, 2011
    risk 0.03cvss epss 0.05

    Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer before 6.0.1 might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact via crafted mapfile data.

  • CVE-2009-0839Mar 31, 2009
    risk 0.01cvss epss 0.09

    Stack-based buffer overflow in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when the server has a map with a long IMAGEPATH or NAME attribute, allows remote attackers to execute arbitrary code via a crafted id parameter in a query action.

  • CVE-2026-4738Mar 24, 2026
    risk 0.00cvss epss 0.00

    Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal (frmts/zlib/contrib/infback9 modules). This vulnerability is associated with program files inftree9.C‎. This issue affects gdal: before 3.11.0.

  • CVE-2025-29480Apr 7, 2025
    risk 0.00cvss epss 0.00

    Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. NOTE: the Supplier indicates that the report is invalid and could not be reproduced.

  • CVE-2024-32037NonFeb 11, 2025
    risk 0.00cvss 0.0epss 0.00

    GeoNetwork is a catalog application to manage spatially referenced resources. In versions prior to 4.2.10 and 4.4.5, the search end-point response headers contain information about Elasticsearch software in use. This information is valuable from a security point of view because…

  • CVE-2022-0699Oct 17, 2022
    risk 0.00cvss epss 0.01

    A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc.