CVE-2018-10717 Information
Feb 14, 2021
cve
Description
The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 does not consider the bounds of the pixels data structure which allows remote attackers to cause a denial of service (WritePixels heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted GIF file a different vulnerability than CVE-2018-10677.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Reference
https://github.com/miniupnp/ngiflib/commit/cf429e0a2fe26b5f01ce0c8e9b79432e94509b6e https://github.com/miniupnp/ngiflib/issues/3
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
8.8
Share on: