Impact
A DLL injection flaw in OSGeo Project MapServer allows an attacker to craft a malicious executable that forces the server to load arbitrary code. The vulnerability is present in all releases before version 8.0, giving an attacker the ability to run code with the same privileges as the MapServer process, which can compromise confidentiality, integrity, and availability of the affected system.
Affected Systems
The flaw affects all installations of OSGeo MapServer version 7.x and earlier. No other vendors or product variants are listed, so any system running a pre‑8.0 MapServer build should be considered vulnerable.
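One way to apply the "before version 8.0" boundary across a fleet, as an added example that is not part of the original advisory or the MapServer project's code. It assumes you have collected each host's `mapserv -v` banner in the form `MapServer version X.Y.Z ...`; the host names and inventory lines are constructed.

```python
import re

# First unaffected release per the advisory text: everything before 8.0 is affected.
FIXED = (8, 0)

# Assumed banner shape from `mapserv -v`: "MapServer version 7.6.4 OUTPUT=PNG ..."
BANNER_RE = re.compile(r"MapServer version (\d+)\.(\d+)(?:\.(\d+))?")


def classify(banner):
    """Return 'affected', 'not-affected', or 'unknown' for one version banner."""
    m = BANNER_RE.search(banner or "")
    if not m:
        # Unparseable output is never treated as safe; it needs a manual look.
        return "unknown"
    major, minor = int(m.group(1)), int(m.group(2))
    # Compare as integers so that 7.10 sorts after 7.6, unlike a string compare.
    return "affected" if (major, minor) < FIXED else "not-affected"


def triage(inventory_lines):
    """Group hosts by status from 'host<TAB>banner' inventory lines."""
    result = {"affected": [], "not-affected": [], "unknown": []}
    for line in inventory_lines:
        host, _, banner = line.partition("\t")
        result[classify(banner)].append(host.strip())
    return result


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE = [
    "gis-web-01\tMapServer version 7.6.4 OUTPUT=PNG OUTPUT=JPEG SUPPORTS=PROJ",
    "gis-web-02\tMapServer version 8.0.1 OUTPUT=PNG SUPPORTS=PROJ",
    "gis-legacy\tMapServer version 6.4.1 OUTPUT=GIF OUTPUT=PNG",
    "gis-build\tmapserv: command not found",
    "gis-edge\tMapServer version 7.10.0 OUTPUT=PNG",
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts that land in `unknown` still need a manual check, since a missing or unreadable banner says nothing about the installed version.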
Risk and Exploitability
The CVSS and EPSS data are not provided, but the nature of the vulnerability—remote code execution via DLL injection—indicates a high severity risk. The lack of a publicly logged exploit does not reduce the potential impact; an attacker who can deliver a crafted executable to a machine running MapServer could activate the injection. The likely attack vector is local or remote execution of a malicious executable, followed by DLL loading by the MapServer process. The probability of exploitation is unknown, but the high potential impact warrants immediate action.