Ticket #3641 (closed defect: fixed)
CVE-2010-1678: Improper validation of symbol index values.
|Reported by:||sdlime||Owned by:||aboudreault|
Mapfile parsing does not properly validate symbols referenced by index. Also applies to URL changes, which is the more significant issue. The result can be an segfault from an invalid array index.
Fix is to do a bounds check on symbol values once the parse is complete.
Vulnerability exists in trunk, 5.2, 5.4, 5.6 and perhaps other versions. Mapfile issue is not as severe and probably has existed for years.