PT-2018-10047 · Miniupnp · Miniupnp Ngiflib
Ramadhan Amizudin
·
Published
2018-05-02
·
Updated
2020-08-24
·
CVE-2018-10677
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
MiniUPnP ngiflib version 0.4
Description
The issue is related to the DecodeGifImg function in ngiflib.c, which lacks checks against width and height. This allows remote attackers to cause a denial of service, resulting in a WritePixels heap-based buffer overflow and application crash, or possibly have other unspecified impacts via a crafted GIF file.
Recommendations
For MiniUPnP ngiflib version 0.4, consider disabling the DecodeGifImg function until a patch is available to prevent potential exploitation.
Exploit
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Miniupnp Ngiflib