HIGH
MapServer
CVE published 2026-05-27
CVE-2026-45104
MapServer versions 6.4.0 through 8.6.2 contain a NULL pointer dereference vulnerability in SLD (Styled Layer Descriptor) parsing. The flaw resides in `msSLDParseUserStyle`, which unconditionally calls `_SLDApplyRuleValues(psRule, psLayer, 1)` for any `<Rule>` element containing `<ElseFilter/>`. This assumes that `msSLDParseRule` has added at least one class to the layer. However, when a rule lacks any sym [truncated]