Skip to main content

Ngiflib CVE-2018-11575

CRITICAL
Out-of-bounds Write (CWE-787)
2018-05-31 cve@mitre.org
9.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 31, 2018 - 00:29 nvd
CRITICAL 9.8

DescriptionNVD

ngiflib.c in MiniUPnP ngiflib 0.4 has a stack-based buffer overflow in DecodeGifImg.

AnalysisAI

ngiflib.c in MiniUPnP ngiflib 0.4 has a stack-based buffer overflow in DecodeGifImg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. ngiflib.c in MiniUPnP ngiflib 0.4 has a stack-based buffer overflow in DecodeGifImg. Affected products include: Miniupnp Project Ngiflib.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

CVE-2018-11576 CRITICAL POC
9.8 May 31

ngiflib.c in MiniUPnP ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor. Rated critical severity (CVS

CVE-2021-36531 HIGH POC
8.8 Aug 27

ngiflib 0.4 has a heap overflow in GetByte() at ngiflib.c:70 in NGIFLIB_NO_FILE mode, GetByte() reads memory buffer with

CVE-2021-36530 HIGH POC
8.8 Aug 27

ngiflib 0.4 has a heap overflow in GetByteStr() at ngiflib.c:108 in NGIFLIB_NO_FILE mode, GetByteStr() copy memory buffe

CVE-2019-16346 HIGH POC
8.8 Sep 16

ngiflib 0.4 has a heap-based buffer overflow in WritePixel() in ngiflib.c when called from DecodeGifImg, because deinter

CVE-2018-10717 HIGH POC
8.8 May 03

The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 does not consider the bounds of the pixels data structure

CVE-2018-10677 HIGH POC
8.8 May 02

The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 lacks certain checks against width and height, which allo

CVE-2019-19011 HIGH POC
7.5 Nov 17

MiniUPnP ngiflib 0.4 has a NULL pointer dereference in GifIndexToTrueColor in ngiflib.c via a file that lacks a palette.

CVE-2018-11578 MEDIUM POC
6.5 May 31

GifIndexToTrueColor in ngiflib.c in MiniUPnP ngiflib 0.4 has a Segmentation fault. Rated medium severity (CVSS 6.5), thi

CVE-2023-39114 MEDIUM POC
5.5 Aug 02

ngiflib commit 84a75 was discovered to contain a segmentation violation via the function SDL_LoadAnimatedGif at ngiflibS

CVE-2023-39113 MEDIUM POC
5.5 Aug 02

ngiflib commit fb271 was discovered to contain a segmentation violation via the function "main" at gif2tag.c. Rated medi

CVE-2023-37748 MEDIUM POC
5.5 Jul 19

ngiflib commit 5e7292 was discovered to contain an infinite loop via the function DecodeGifImg at ngiflib.c. Rated mediu

CVE-2019-16347 HIGH
8.8 Sep 16

ngiflib 0.4 has a heap-based buffer overflow in WritePixels() in ngiflib.c when called from DecodeGifImg, because deinte

Share

CVE-2018-11575 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy