CVE-2010-2539 — mapserver - arbitrary code execution

Description

Buffer overflow in the msTmpFile function in maputil.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 allows local users to cause a denial of service via vectors involving names of temporary files.

How to fix CVE-2010-2539

To remediate CVE-2010-2539, upgrade the affected package to a fixed version below.

Debian/mapserver—upgrade to 5.6.4-1 or later
Debian/mapserver—upgrade to 5.0.3-3+lenny5 or later

Is CVE-2010-2539 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 5.6.4-1
from 0, < 5.0.3-3+lenny5

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2010-2539