Heap-based Buffer Overflow Vulnerability in MiniUPnP ngiflib
CVE-2018-10717

8.8 HIGH

Key Information:

CVE Published: 3 May 2018

What is CVE-2018-10717?

The DecodeGifImg function in MiniUPnP ngiflib version 0.4 is susceptible to a heap-based buffer overflow. The function does not properly validate the bounds of the pixel data structure when decoding GIF files. A remote attacker can exploit this flaw with a crafted GIF file, causing a denial of service such as an application crash, or possibly other unspecified impacts.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability Reserved

  • Vulnerability published
