PT-2018-10216 · Free Lossless Image Format+1 · Flif+1

Enchantedjohn

·

Published

2018-05-10

·

Updated

2024-06-25

·

CVE-2018-10972

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Free Lossless Image Format (FLIF) version 0.3
Description An issue in the TransformPaletteC::process function allows remote attackers to cause a denial of service or possibly have other impact via a crafted file. The function, located in transform/palette C.hpp, is vulnerable to a heap-based buffer overflow.
Recommendations For Free Lossless Image Format (FLIF) version 0.3, consider avoiding the use of the TransformPaletteC::process function until a patch is available. As a temporary workaround, restrict the processing of crafted files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2024-4694
ALT-PU-2024-4724
ALT-PU-2024-4911
ALT-PU-2024-8952
CVE-2018-10972

Affected Products

Alt Linux
Flif