CVE-2018-10717

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-10717

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-10717.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-10717

Published

2018-05-03T17:29:00Z

Modified

2025-10-21T04:26:59.359535Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 does not consider the bounds of the pixels data structure, which allows remote attackers to cause a denial of service (WritePixels heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted GIF file, a different vulnerability than CVE-2018-10677.

References

Affected packages

Git / github.com/miniupnp/ngiflib

Affected ranges

Type: GIT
Repo: https://github.com/miniupnp/ngiflib
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

cf429e0a2fe26b5f01ce0c8e9b79432e94509b6e

Affected versions

0.*

0.1

0.2

0.4

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "source": "https://github.com/miniupnp/ngiflib/commit/cf429e0a2fe26b5f01ce0c8e9b79432e94509b6e",
        "deprecated": false,
        "id": "CVE-2018-10717-05028e87",
        "target": {
            "file": "ngiflib.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "40222433432064176082929800575717582465",
                "62846274079341447038045936196904926572",
                "99371066332013005687906997522328674330",
                "76250921569557969998899316023094286860",
                "250713858605029592680074110365031688960",
                "181493249242074076664243472717836837458",
                "153240117329045849680495743636463112608",
                "336845674459016304589281855031853285477"
            ]
        },
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/miniupnp/ngiflib/commit/cf429e0a2fe26b5f01ce0c8e9b79432e94509b6e",
        "deprecated": false,
        "id": "CVE-2018-10717-7deeec36",
        "target": {
            "function": "DecodeGifImg",
            "file": "ngiflib.c"
        },
        "digest": {
            "function_hash": "43287928949454851532720211538029385299",
            "length": 5952.0
        },
        "signature_type": "Function"
    }
]