CVE-2021-36530

Name of the Vulnerable Software and Affected Versions ngiflib version 0.4

Description The issue is a heap overflow in the GetByteStr() function at ngiflib.c:108 when in NGIFLIB NO FILE mode. This occurs because GetByteStr() copies a memory buffer without checking its boundary, leading to potential exploitation.

Recommendations For ngiflib version 0.4, as a temporary workaround, consider disabling the GetByteStr() function until a patch is available. Restrict access to the ngiflib.c file, specifically the GetByteStr() function at line 108, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.