PT-2018-10047 · Miniupnp · Miniupnp Ngiflib

Ramadhan Amizudin

Publicado

2018-05-02

Atualizado

2020-08-24

CVE-2018-10677

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions MiniUPnP ngiflib version 0.4

Description The issue is related to the DecodeGifImg function in ngiflib.c, which lacks checks against width and height. This allows remote attackers to cause a denial of service, resulting in a WritePixels heap-based buffer overflow and application crash, or possibly have other unspecified impacts via a crafted GIF file.

Recommendations For MiniUPnP ngiflib version 0.4, consider disabling the DecodeGifImg function until a patch is available to prevent potential exploitation.

Exploit

Correção

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

CVE-2018-10677

Produtos afetados

Miniupnp Ngiflib

PT-2018-10047 · Miniupnp · Miniupnp Ngiflib

CVE-2018-10677

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4