MapServer has heap buffer overflow in SLD `Categorize` Threshold parsing

Description

MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD (Styled Layer Descriptor) parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with more than 100 Threshold elements inside a ColorMap/Categorize structure (commonly reachable via WMS GetMap with SLD_BODY). Version 8.6.1 patches the issue.

Affected Products

Vendor	Product	Versions
mapserver	mapserver	>= 4.2, < 8.6.1, < 8.6.1

References

https://github.com/MapServer/MapServer/security/advisories/GHSA-cv4m-mr84-fgjp(x_refsource_CONFIRM)
https://github.com/MapServer/MapServer/releases/tag/rel-8-6-1(x_refsource_MISC)

Related News (1 articles)

Tier C

VulDB5h ago

CVE-2026-33721 | MapServer up to 8.6.0 SLD out-of-bounds write (GHSA-cv4m-mr84-fgjp)

→ No new info (linked only)

CVSS 3.15.3 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-787

Published3/27/2026

Last enriched5h agov2

Trending Score49

Source articles1

Independent1

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Version History

Last enriched 5h ago

v2Tier C5h ago

Updated severity to CRITICAL, affected versions to < 8.6.1, and noted that no exploit exists.

severityaffectedVersionsactivelyExploitedpatchAvailable

via VulDB

v19h ago

Initial creation