PT-2018-11470 · Miniz · Miniz
Edward-Lo
·
Publicado
2018-06-27
·
Atualizado
2019-10-03
·
CVE-2018-12913
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Miniz version 2.0.7
Description
The issue is caused by an infinite loop in the tinfl decompress function in miniz tinfl.c. This occurs because the
sym2 and counter variables can both remain equal to zero.Recommendations
For Miniz version 2.0.7, consider modifying the tinfl decompress function to prevent the infinite loop by ensuring
sym2 and counter are updated correctly. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Infinite Loop
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Miniz