CVE-2018-10677
Description
The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 lacks certain checks against width and height, which allows remote attackers to cause a denial of service (WritePixels heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted GIF file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing width/height validation in ngiflib 0.4 leads to heap buffer overflow via crafted GIF, causing denial of service or potential code execution.
Vulnerability
The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib version 0.4 lacks sufficient checks on the width and height fields of a GIF image. This allows a remote attacker to supply a crafted GIF with dimensions that exceed the global canvas, leading to a heap-buffer-overflow in the WritePixels function [1][2].
Exploitation
An attacker can exploit this vulnerability by providing a specially crafted GIF file. No authentication is required; the victim only needs to load the GIF using an application that relies on ngiflib. The crafted image triggers a heap buffer overflow during decompression, as confirmed by AddressSanitizer output [1].
Impact
Successful exploitation results in a heap-based buffer overflow, which can cause the application to crash (denial of service). The official description also notes a possibility of "unspecified other impact," which may include arbitrary code execution, though this is not confirmed in the referenced sources [1][2].
Mitigation
The vulnerability is fixed in commit b588a22 [2]. Users should update to a version of ngiflib that includes this commit (e.g., version 0.4.1 or later). If an immediate update is not possible, avoid processing untrusted GIF files as a workaround.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
20.1, 0.2, 0.4+ 1 more
- (no CPE)range: 0.1, 0.2, 0.4
- (no CPE)range: = 0.4
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- github.com/miniupnp/ngiflib/commit/b588a2249c7abbfc52173e32ee11d6facef82f89mitrex_refsource_CONFIRM
- github.com/miniupnp/ngiflib/issues/1mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.