7.5

CVE-2010-1678

Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OsgeoMapserver Version >= 5.6.0 < 5.6.5.-2
OsgeoMapserver Version5.2.0
OsgeoMapserver Version5.4.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.17% 0.799
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-1678.html
Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2010-1678
Third Party Advisory
https://trac.osgeo.org/mapserver/ticket/3641
Third Party Advisory