Heap-Based Buffer Overread in ngiflib Affects MiniUPnP Products
CVE-2019-20219

8.8HIGH

Key Information:

Vendor: Miniupnp Project
Status: Ngiflib
Vendor: CVE Published:; 2 January 2020

🔔 Create Miniupnp Project Vulnerability Alert

What is CVE-2019-20219?

ngiflib version 0.4 contains a vulnerability that allows for a heap-based buffer over-read in the GifIndexToTrueColor function, potentially leading to unauthorized access to sensitive data or exploitation of the application. This flaw emphasizes the need for timely updates and security measures to mitigate potential threats to systems utilizing ngiflib.

References

https://github.com/miniupnp/ngiflib/issues/15

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 2, 2020
Vulnerability Reserved
Jan 2, 2020

CVE-2019-20219 Data

JSON