PT-2018-3817 · Giflib+4

Xin-Jiang · Published 2018-05-24 · Updated 2024-06-15 · CVE-2018-11490

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

GIFLIB versions 3.0.x
sam2p version 0.49.4

Description

The issue is related to a heap-based buffer overflow in the DGifDecompressLine function due to an unchecked array index, Private->RunningCode - 2. This could lead to a denial of service or other unspecified impact. The vulnerability can be exploited by a remote attacker to access confidential data, compromise data integrity, and cause a denial of service.

Recommendations

For GIFLIB versions 3.0.x, consider disabling the DGifDecompressLine function until a patch is available. For sam2p version 0.49.4, restrict access to the DGifDecompressLine function in the cgif.c component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Improper Validation of Array Index

Memory Corruption


Weakness Enumeration

Related Identifiers

BDU:2022-05750
CVE-2018-11490
DLA-3223-1
MGASA-2019-0096
OPENSUSE-SU-2022_1565-1
OPENSUSE-SU-2024:10784-1
SUSE-SU-2022:1565-1
SUSE-SU-2022_1565-1
SUSE-SU-2023:1970-2
SUSE-SU-2024:1622-1
SUSE-SU-2024_1622-1
USN-4107-1

Affected Products

Astra Linux
Giflib
Suse
Ubuntu
Sam2P