PT-2018-3817 · Giflib+4

Xin-Jiang · Published 2018-05-24 · Updated 2024-06-15 · CVE-2018-11490

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: GIFLIB versions 3.0.x; sam2p version 0.49.4
Description: The issue is a heap-based buffer overflow in the DGifDecompressLine function caused by an unchecked array index, Private->RunningCode - 2. This could lead to a denial of service or other unspecified impact. The vulnerability can be exploited by a remote attacker to access confidential data, compromise data integrity, and cause a denial of service.
Recommendations: For GIFLIB versions 3.0.x, consider disabling the DGifDecompressLine function until a patch is available. For sam2p version 0.49.4, restrict access to the DGifDecompressLine function in the cgif.c component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
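The defect class described above, an LZW table write whose slot is derived from RunningCode - 2 without validation, is shown here as an added illustration: a constructed model of a GIF decoder's prefix/suffix tables, not giflib's or sam2p's code, with the unchecked pattern beside a hardened version that rejects the index before the write (all names are assumptions).

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of a GIF LZW decoder's code table: 12-bit codes,
 * so 4096 slots. Not giflib's code; names are assumptions. */
#define LZ_MAX_CODE 4095
#define TABLE_SIZE  (LZ_MAX_CODE + 1)

typedef struct {
    uint32_t prefix[TABLE_SIZE];
    uint8_t  suffix[TABLE_SIZE];
    int      running_code;   /* next code to be assigned by the decoder */
} DecoderState;

/* Unchecked form: the slot comes straight from running_code - 2, the
 * index named in the advisory. A stream that drives running_code below 2
 * or past the table end makes this write land outside the arrays. */
int add_entry_unchecked(DecoderState *st, int prev_code, uint8_t last) {
    int slot = st->running_code - 2;
    st->prefix[slot] = (uint32_t)prev_code;
    st->suffix[slot] = last;
    return 0;
}

/* Hardened form: validate the derived index against both table bounds
 * before touching memory, and fail the decode on a malformed stream. */
int add_entry_checked(DecoderState *st, int prev_code, uint8_t last) {
    int slot = st->running_code - 2;
    if (slot < 0 || slot >= TABLE_SIZE)
        return -1;
    st->prefix[slot] = (uint32_t)prev_code;
    st->suffix[slot] = last;
    return 0;
}

/* Try one checked table write on a zeroed state with the given running_code.
 * Returns 0 if the write was accepted, -1 if the index was rejected. */
int try_add_entry(int running_code) {
    DecoderState st;
    memset(&st, 0, sizeof st);
    st.running_code = running_code;
    return add_entry_checked(&st, 0, 0x41);
}

int main(void) {
    /* running_code values a hostile stream could produce vs. a normal one */
    int probes[] = { 0, 1, 2, LZ_MAX_CODE + 2, LZ_MAX_CODE + 3 };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("running_code=%d -> %s\n", probes[i],
               try_add_entry(probes[i]) == 0 ? "accepted" : "rejected");
    return 0;
}
```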

DoS

Improper Validation of Array Index

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2022-05750
CVE-2018-11490
DLA-3223-1
MGASA-2019-0096
OPENSUSE-SU-2022_1565-1
OPENSUSE-SU-2024:10784-1
SUSE-SU-2022:1565-1
SUSE-SU-2022_1565-1
SUSE-SU-2023:1970-2
SUSE-SU-2024:1622-1
SUSE-SU-2024_1622-1
USN-4107-1

Affected Products

Astra Linux
Giflib
Suse
Ubuntu
Sam2P