PT-2018-10063 · Miniupnp · Miniupnp Ngiflib
Nafiezo
·
Publicado
2018-05-03
·
Atualizado
2020-08-24
·
CVE-2018-10717
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
MiniUPnP ngiflib version 0.4
Description
The issue is related to the DecodeGifImg function in ngiflib.c, which does not consider the bounds of the pixels data structure. This allows remote attackers to cause a denial of service, resulting in a WritePixels heap-based buffer overflow and application crash, or possibly have other unspecified impacts via a crafted GIF file.
Recommendations
For MiniUPnP ngiflib version 0.4, consider disabling the DecodeGifImg function until a patch is available to prevent potential exploitation. Restrict access to handling GIF files to minimize the risk of a denial of service or other impacts.
Exploit
Correção
Memory Corruption
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Miniupnp Ngiflib