CVE-2018-1000524

Name of the Vulnerable Software and Affected Versions miniSphere versions prior to 5.2.10

Description The issue is related to an Integer Overflow in the layer resize() function in map engine.c, which can lead to a remote denial of service. This can be exploited by loading a specially-crafted map that calls SetLayerSize in its entry script.

Recommendations For miniSphere versions prior to 5.2.10, update to version 5.2.10 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the layer resize() function or restricting the loading of maps that call SetLayerSize in their entry scripts until a patch is applied.