VYPR
Unrated severity · OSV Advisory · Published May 31, 2018 · Updated Aug 5, 2024

CVE-2018-11578

Description

GifIndexToTrueColor in ngiflib.c in MiniUPnP ngiflib 0.4 has a Segmentation fault.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A segmentation fault in GifIndexToTrueColor in ngiflib 0.4 allows denial of service via a crafted GIF.

Vulnerability

GifIndexToTrueColor in ngiflib.c (line 808) in MiniUPnP ngiflib version 0.4 causes a segmentation fault when processing a specially crafted GIF file. The issue is triggered by an invalid memory access, as reported by AddressSanitizer [2]. Additionally, a related stack-buffer-overflow in DecodeGifImg (line 543) has been observed [1]. The vulnerability exists in the ngiflib library as used by tools like gif2tga.

Exploitation

An attacker can exploit this vulnerability by providing a malicious GIF file to an application that uses the affected ngiflib library. No authentication or special network position is required; the attack can be carried out locally or remotely wherever the application processes user-supplied GIF files. The crash occurs during the decoding process, specifically when GifIndexToTrueColor is called from WritePixels [2].

Impact

Successful exploitation results in a denial of service (DoS) due to an application crash. The segmentation fault terminates the process, preventing further processing. There is no indication of code execution or information disclosure in the available references.

Mitigation

As of the publication date (2018-05-31), no official patch or fixed version has been disclosed in the available references [1][2]. Users should consider not processing untrusted GIF files with ngiflib 0.4 until a fix is released. The library may be considered end-of-life or unmaintained.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

2
