CVE-2017-5522

Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature requests.

Published: Mar 15, 2017
Updated: Nov 9, 2025
CVE: CVE-2017-5522
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
debian / debian_linux	8.0	8.0.x
osgeo / mapserver	6.2.0-beta1	6.2.0-beta1.x
osgeo / mapserver	6.2.0-beta2	6.2.0-beta2.x
osgeo / mapserver	6.2.0-beta3	6.2.0-beta3.x
osgeo / mapserver	6.2.0-beta4	6.2.0-beta4.x
osgeo / mapserver	6.2.1	6.2.1.x
osgeo / mapserver	6.2.2	6.2.2.x
osgeo / mapserver	6.2.3	6.2.3.x
osgeo / mapserver	6.4.1	6.4.1.x
osgeo / mapserver	6.4.3	6.4.3.x
osgeo / mapserver	6.4.2	6.4.2.x
osgeo / mapserver	6.4.4	6.4.4.x
osgeo / mapserver	7.0.3	7.0.3.x
osgeo / mapserver	7.0.2	7.0.2.x
osgeo / mapserver	7.0.1	7.0.1.x
osgeo / mapserver	7.0.0-beta2	7.0.0-beta2.x
osgeo / mapserver	6.4.0-rc1	6.4.0-rc1.x
osgeo / mapserver	6.4.0-beta2	6.4.0-beta2.x
osgeo / mapserver	7.0.0-beta1	7.0.0-beta1.x
osgeo / mapserver	7.0.0	7.0.0.x
osgeo / mapserver	6.4.0	6.4.0.x
osgeo / mapserver	6.4.0-beta1	6.4.0-beta1.x
osgeo / mapserver	-	6.0.5.x
osgeo / mapserver	6.2.0-rc1	6.2.0-rc1.x
osgeo / mapserver	6.2.0	6.2.0.x

Vulnerability Database

318,389

CVE-2017-5522

Deep Security Visibility Without the Complexity