PT-2018-10216 · Free Lossless Image Format+1 · Flif+1

Enchantedjohn

·

Publicado

2018-05-10

·

Atualizado

2024-06-25

·

CVE-2018-10972

CVSS v3.1

7.8

Alta

VetorAV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Free Lossless Image Format (FLIF) version 0.3
Description An issue in the TransformPaletteC::process function allows remote attackers to cause a denial of service or possibly have other impact via a crafted file. The function, located in transform/palette C.hpp, is vulnerable to a heap-based buffer overflow.
Recommendations For Free Lossless Image Format (FLIF) version 0.3, consider avoiding the use of the TransformPaletteC::process function until a patch is available. As a temporary workaround, restrict the processing of crafted files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

ALT-PU-2024-4694
ALT-PU-2024-4724
ALT-PU-2024-4911
ALT-PU-2024-8952
CVE-2018-10972

Produtos afetados

Alt Linux
Flif