{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33721", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-23T17:34:57.559Z", "datePublished": "2026-03-27T00:15:00.360Z", "dateUpdated": "2026-03-27T00:15:00.360Z"}, "containers": {"cna": {"title": "MapServer has heap buffer overflow in SLD `Categorize` Threshold parsing", "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "lang": "en", "description": "CWE-787: Out-of-bounds Write", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/MapServer/MapServer/security/advisories/GHSA-cv4m-mr84-fgjp", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/MapServer/MapServer/security/advisories/GHSA-cv4m-mr84-fgjp"}, {"name": "https://github.com/MapServer/MapServer/releases/tag/rel-8-6-1", "tags": ["x_refsource_MISC"], "url": "https://github.com/MapServer/MapServer/releases/tag/rel-8-6-1"}], "affected": [{"vendor": "MapServer", "product": "MapServer", "versions": [{"version": ">= 4.2, < 8.6.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-27T00:15:00.360Z"}, "descriptions": [{"lang": "en", "value": "MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer\u2019s SLD (Styled Layer Descriptor) parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with more than 100 Threshold elements inside a ColorMap/Categorize structure (commonly reachable via WMS GetMap with SLD_BODY). Version 8.6.1 patches the issue."}], "source": {"advisory": "GHSA-cv4m-mr84-fgjp", "discovery": "UNKNOWN"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer\u2019s SLD (Styled Layer Descriptor) parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with more than 100 Threshold elements inside a ColorMap/Categorize structure (commonly reachable via WMS GetMap with SLD_BODY). Version 8.6.1 patches the issue."}], "id": "CVE-2026-33721", "lastModified": "2026-03-27T01:16:19.670", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-27T01:16:19.670", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/MapServer/MapServer/releases/tag/rel-8-6-1"}, {"source": "security-advisories@github.com", "url": "https://github.com/MapServer/MapServer/security/advisories/GHSA-cv4m-mr84-fgjp"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "MapServer: MapServer: Denial of Service via crafted Styled Layer Descriptor", "id": "2452066", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452066"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-787", "details": ["A flaw was found in MapServer, a system for developing web-based Geographic Information System (GIS) applications. A remote, unauthenticated attacker can exploit a heap-buffer-overflow vulnerability by sending a specially crafted Styled Layer Descriptor (SLD) with an excessive number of Threshold elements. This can cause the MapServer process to crash, leading to a Denial of Service (DoS)."], "mitigation": {"lang": "en:us", "value": "Restrict network access to the MapServer instance to trusted clients only. Implement firewall rules to limit inbound connections to the MapServer service, ensuring that only authorized users or systems can submit Styled Layer Descriptor (SLD) requests. If MapServer functionality is not required, consider disabling or uninstalling the MapServer package to eliminate the attack surface. If a web application firewall (WAF) is in use, configure it to inspect and potentially filter overly large or malformed SLD requests."}, "name": "CVE-2026-33721", "public_date": "2026-03-27T00:15:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-33721\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-33721\nhttps://github.com/MapServer/MapServer/releases/tag/rel-8-6-1\nhttps://github.com/MapServer/MapServer/security/advisories/GHSA-cv4m-mr84-fgjp"], "statement": "This is an Important denial of service vulnerability in MapServer, a system for developing web-based GIS applications. A remote, unauthenticated attacker can trigger a heap-buffer-overflow by sending a specially crafted Styled Layer Descriptor (SLD) with an excessive number of Threshold elements, causing the MapServer process to crash. This affects Red Hat Community Projects that include MapServer versions prior to 8.6.1.", "threat_severity": "Important"}