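The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 lacks certain checks against width and height, which allows remote attackers to cause a denial of service (WritePixels heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted GIF file.
The two signatures below (one function-level signature for DecodeGifImg and one line-level signature) both target ngiflib.c and cite the same upstream commit in their "source" field. The page does not say whether that commit is the fix or the affected revision, so confirm this against the repository before relying on the signatures for matching.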
[
{
"id": "CVE-2018-10677-2ca45ac9",
"target": {
"file": "ngiflib.c",
"function": "DecodeGifImg"
},
"digest": {
"length": 5096.0,
"function_hash": "33508924308025978341435952235190963960"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://github.com/miniupnp/ngiflib/commit/b588a2249c7abbfc52173e32ee11d6facef82f89",
"signature_version": "v1"
},
{
"id": "CVE-2018-10677-c1ba829a",
"target": {
"file": "ngiflib.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"198165980739250519361350111986338815638",
"264020577666351890927509109311843218964",
"205485030750798813326074664223607360255"
]
},
"deprecated": false,
"signature_type": "Line",
"source": "https://github.com/miniupnp/ngiflib/commit/b588a2249c7abbfc52173e32ee11d6facef82f89",
"signature_version": "v1"
}
]