CVE-2019-19011
Description
MiniUPnP ngiflib 0.4 has a NULL pointer dereference in GifIndexToTrueColor in ngiflib.c via a file that lacks a palette.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A NULL pointer dereference in ngiflib 0.4 allows denial of service via a crafted GIF file that lacks a palette.
Vulnerability
A NULL pointer dereference vulnerability exists in ngiflib version 0.4 in the GifIndexToTrueColor function at ngiflib.c:844. The issue occurs when processing a GIF file that lacks a palette: the code attempts to read a color table entry through a NULL pointer. Affected versions include commit 992d272 and earlier.
Exploitation
An attacker can exploit this vulnerability by supplying a specially crafted GIF file that omits the palette data. The file must be processed by an application using ngiflib, such as the gif2tga binary. No authentication or special privileges are required; the attack is achieved by luring a user into opening the malicious file via a browser, email client, or other file-processing mechanism.
Impact
Successful exploitation results in a denial of service condition (segmentation fault), as confirmed by AddressSanitizer output showing a SEGV on unknown address 0x000000000005. The NULL pointer dereference crashes the application, potentially leading to service disruption. No code execution or privilege escalation has been demonstrated.
Mitigation
As of November 2019, no official fix has been released for ngiflib 0.4. The issue is tracked in the ngiflib GitHub repository [1]; users should monitor for an update containing input validation for palette data before dereferencing the color table pointer. If possible, avoid processing untrusted GIF files with affected versions.
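One way to apply the "avoid untrusted files" advice is a pre-check that rejects palette-less GIFs before they reach the decoder. The following is an added example, not ngiflib code: `gif_palette_check` and the sample arrays are hypothetical names, the byte layout follows the GIF89a specification, and "lacks a palette" is assumed to mean an image with neither a global nor a local color table.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Added example, hypothetical names. Constructed 1x1 samples (not from the issue report). */
const uint8_t SAMPLE_NO_PALETTE[] = {0x47,0x49,0x46,0x38,0x39,0x61, 1,0,1,0, 0x00,0,0,
    0x2C, 0,0,0,0, 1,0,1,0, 0x00, 2, 2,0x44,0x01, 0, 0x3B};
const uint8_t SAMPLE_WITH_PALETTE[] = {0x47,0x49,0x46,0x38,0x39,0x61, 1,0,1,0, 0x80,0,0,
    0,0,0, 255,255,255, 0x2C, 0,0,0,0, 1,0,1,0, 0x00, 2, 2,0x44,0x01, 0, 0x3B};

/* Skip a chain of data sub-blocks; 0 on success, -1 if truncated. */
static int skip_sub_blocks(const uint8_t *b, size_t len, size_t *pos) {
    while (*pos < len) {
        size_t n = b[(*pos)++];
        if (n == 0) return 0;                 /* block terminator */
        if (n > len - *pos) return -1;
        *pos += n;
    }
    return -1;
}

/* 1: every image has a palette, 0: some image has none, -1: malformed or truncated. */
int gif_palette_check(const uint8_t *b, size_t len) {
    if (len < 13 || (memcmp(b, "GIF87a", 6) && memcmp(b, "GIF89a", 6))) return -1;
    int has_global = (b[10] & 0x80) != 0;
    size_t pos = 13;                          /* header + logical screen descriptor */
    if (has_global) {
        size_t gct = (size_t)3 << ((b[10] & 7) + 1);
        if (gct > len - pos) return -1;
        pos += gct;
    }
    while (pos < len) {
        uint8_t tag = b[pos++];
        if (tag == 0x3B) return 1;            /* trailer */
        if (tag == 0x21) {                    /* extension: label, then sub-blocks */
            if (pos++ >= len || skip_sub_blocks(b, len, &pos)) return -1;
        } else if (tag == 0x2C) {             /* image descriptor, 9 bytes */
            if (len - pos < 9) return -1;
            uint8_t packed = b[pos + 8];
            pos += 9;
            if (packed & 0x80) {              /* local color table present */
                size_t lct = (size_t)3 << ((packed & 7) + 1);
                if (lct > len - pos) return -1;
                pos += lct;
            } else if (!has_global) return 0; /* neither local nor global palette */
            if (pos++ >= len || skip_sub_blocks(b, len, &pos)) return -1;
        } else return -1;
    }
    return -1;                                /* no trailer seen */
}
```

A caller would pass the file to the decoder only when the function returns 1, treating both 0 and -1 as rejection.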
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- MiniUPnP/ngiflib
- Range: =0.4
Patches
No patches discovered yet.
References
[1] github.com/miniupnp/ngiflib/issues/16 (mitre, x_refsource_MISC)