Heap-based Buffer Over-read Vulnerability in MiniUPnP ngiflib by MiniUPnP
CVE-2018-11576

9.8CRITICAL

Key Information:

Vendor: Miniupnp Project
Status: Ngiflib
Vendor: CVE Published:; 31 May 2018

🔔 Create Miniupnp Project Vulnerability Alert

What is CVE-2018-11576?

The ngiflib component of MiniUPnP version 0.4 contains a heap-based buffer over-read vulnerability in the GifIndexToTrueColor function. This issue can lead to unauthorized access to sensitive memory content, potentially exposing critical data or leading to further exploitation of the system. Proper validation of input lengths is essential to mitigate this vulnerability and ensure robust application security.

References

https://github.com/miniupnp/ngiflib/issues/6

x_refsource_MISC

https://github.com/Edward-L/fuzzing-pocs/tree/master/ngiflib

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 31, 2018
Vulnerability Reserved
May 30, 2018

CVE-2018-11576 Data

JSON