CVE-2018-11575

Vulnerability

A stack-based buffer overflow exists in DecodeGifImg() in ngiflib.c in ngiflib 0.4 (commit 93d864a). The vulnerability occurs at line 543 when a specially crafted GIF image is processed, causing a write of size 1 beyond the bounds of the ab_stack local array. This results in a stack-buffer-overflow condition [1][2].

Exploitation

An attacker can trigger the overflow by providing a malicious GIF file to any application that uses the affected ngiflib version for decoding. No special authentication or network position is required; the attack vector is file-based. The overflow manifests during the normal GIF decoding pipeline when DecodeGifImg is called from LoadGif at line 789 [1][2].

Impact

Successful exploitation causes a stack buffer overflow, which may lead to a denial of service (crash) or, under controlled conditions, arbitrary code execution with the privileges of the process using ngiflib. The address sanitizer report confirms a write of size 1 at a controlled offset [1][2].

Mitigation

As of the available references, no fixed version has been released. Users should monitor the official ngiflib repository for patches. No known workarounds are documented; restricting processing of untrusted GIF files may reduce risk [1][2].