Vendor CVEs
Miniupnp Project
All CVEs
34 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-8798 | Cri | 0.69 | 9.8 | 0.24 | May 11, 2017 | Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact. | ||
| CVE-2018-11576 | Cri | 0.64 | 9.8 | 0.01 | May 31, 2018 | ngiflib.c in MiniUPnP ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor. | ||
| CVE-2018-11575 | Cri | 0.64 | 9.8 | 0.02 | May 31, 2018 | ngiflib.c in MiniUPnP ngiflib 0.4 has a stack-based buffer overflow in DecodeGifImg. | ||
| CVE-2015-20111 | Cri | 0.57 | 9.8 | 0.01 | Nov 18, 2024 | miniupnp before 4c90b87, as used in Bitcoin Core before 0.12 and other products, lacks checks for snprintf return values, leading to a buffer overflow and significant data leak, a different vulnerability than CVE-2019-12107. In Bitcoin Core before 0.12, remote code execution was… | ||
| CVE-2026-5720 | Cri | 0.52 | 9.1 | 0.01 | Apr 17, 2026 | miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Attackers can trigger an out-of-bounds memory read… | ||
| CVE-2018-11657 | Hig | 0.49 | 7.5 | 0.01 | Jun 1, 2018 | ngiflib.c in MiniUPnP ngiflib 0.4 has an infinite loop in DecodeGifImg and LoadGif. | ||
| CVE-2018-11578 | Med | 0.42 | 6.5 | 0.01 | May 31, 2018 | GifIndexToTrueColor in ngiflib.c in MiniUPnP ngiflib 0.4 has a Segmentation fault. | ||
| CVE-2016-3179 | Med | 0.36 | 5.5 | 0.00 | Mar 24, 2017 | The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (invalid free and daemon crash) via vectors related to error handling. | ||
| CVE-2016-3178 | Med | 0.36 | 5.5 | 0.00 | Mar 24, 2017 | The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (out-of-bounds memory access and daemon crash) via vectors involving a negative length value. | ||
| CVE-2013-0230 | 0.09 | — | 0.69 | Jan 31, 2013 | Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quoted method. | |||
| CVE-2013-0229 | 0.09 | — | 0.76 | Jan 31, 2013 | The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service (service crash) via a crafted request that triggers a buffer over-read. | |||
| CVE-2020-24221 | 0.00 | — | 0.00 | Aug 11, 2023 | An issue was discovered in GetByte function in miniupnp ngiflib version 0.4, allows local attackers to cause a denial of service (DoS) via crafted .gif file (infinite loop). | |||
| CVE-2023-39114 | 0.00 | — | 0.00 | Aug 2, 2023 | ngiflib commit 84a75 was discovered to contain a segmentation violation via the function SDL_LoadAnimatedGif at ngiflibSDL.c. This vulnerability is triggered when running the program SDLaffgif. | |||
| CVE-2023-39113 | 0.00 | — | 0.00 | Aug 2, 2023 | ngiflib commit fb271 was discovered to contain a segmentation violation via the function "main" at gif2tag.c. This vulnerability is triggered when running the program gif2tga. | |||
| CVE-2023-37748 | 0.00 | — | 0.00 | Jul 19, 2023 | ngiflib commit 5e7292 was discovered to contain an infinite loop via the function DecodeGifImg at ngiflib.c. | |||
| CVE-2022-30858 | 0.00 | — | 0.01 | Jul 17, 2023 | An issue was discovered in ngiflib 0.4. There is SEGV in SDL_LoadAnimatedGif when use SDLaffgif. poc : ./SDLaffgif CA_file2_0 | |||
| CVE-2021-36531 | 0.00 | — | 0.01 | Aug 27, 2021 | ngiflib 0.4 has a heap overflow in GetByte() at ngiflib.c:70 in NGIFLIB_NO_FILE mode, GetByte() reads memory buffer without checking the boundary. | |||
| CVE-2019-20219 | 0.00 | — | 0.01 | Jan 2, 2020 | ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor in ngiflib.c. | |||
| CVE-2019-19011 | 0.00 | — | 0.02 | Nov 16, 2019 | MiniUPnP ngiflib 0.4 has a NULL pointer dereference in GifIndexToTrueColor in ngiflib.c via a file that lacks a palette. | |||
| CVE-2019-16346 | 0.00 | — | 0.02 | Sep 16, 2019 | ngiflib 0.4 has a heap-based buffer overflow in WritePixel() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled. | |||
| CVE-2019-16347 | 0.00 | — | 0.01 | Sep 16, 2019 | ngiflib 0.4 has a heap-based buffer overflow in WritePixels() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled. | |||
| CVE-2019-12111 | 0.00 | — | 0.03 | May 15, 2019 | A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in copyIPv6IfDifferent in pcpserver.c. | |||
| CVE-2019-12110 | 0.00 | — | 0.03 | May 15, 2019 | An AddPortMapping Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in upnpredirect.c. | |||
| CVE-2019-12109 | 0.00 | — | 0.03 | May 15, 2019 | A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for rem_port. | |||
| CVE-2019-12108 | 0.00 | — | 0.03 | May 15, 2019 | A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for int_port. | |||
| CVE-2019-12107 | 0.00 | — | 0.03 | May 15, 2019 | The upnp_event_prepare function in upnpevents.c in MiniUPnP MiniUPnPd through 2.1 allows a remote attacker to leak information from the heap due to improper validation of an snprintf return value. | |||
| CVE-2019-12106 | 0.00 | — | 0.03 | May 15, 2019 | The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd 1.4 and 1.5 allows a remote attacker to crash the process due to a Use After Free vulnerability. | |||
| CVE-2018-10717 | Hig | 0.00 | 8.8 | 0.02 | May 3, 2018 | The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 does not consider the bounds of the pixels data structure, which allows remote attackers to cause a denial of service (WritePixels heap-based buffer overflow and application crash) or possibly have unspecified other… | ||
| CVE-2018-10677 | Hig | 0.00 | 8.8 | 0.02 | May 2, 2018 | The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 lacks certain checks against width and height, which allows remote attackers to cause a denial of service (WritePixels heap-based buffer overflow and application crash) or possibly have unspecified other impact via a… | ||
| CVE-2017-1000494 | Hig | 0.00 | 7.8 | 0.00 | Jan 3, 2018 | Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact | ||
| CVE-2015-6031 | 0.00 | — | 0.05 | Nov 2, 2015 | Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) and possibly execute arbitrary code via an "oversized" XML element name. | |||
| CVE-2014-3985 | 0.00 | — | 0.03 | Sep 11, 2014 | The getHTTPResponse function in miniwget.c in MiniUPnP 1.9 allows remote attackers to cause a denial of service (crash) via crafted headers that trigger an out-of-bounds read. | |||
| CVE-2013-1462 | 0.00 | — | 0.02 | Jan 31, 2013 | Integer signedness error in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (incorrect memory copy) via a SOAPAction header that lacks a " (double quote) character, a… | |||
| CVE-2013-1461 | 0.00 | — | 0.03 | Jan 31, 2013 | The ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and service crash) via a SOAPAction header that lacks a # (pound sign) character, a different… |
- risk 0.69cvss 9.8epss 0.24
Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
- risk 0.64cvss 9.8epss 0.01
ngiflib.c in MiniUPnP ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor.
- risk 0.64cvss 9.8epss 0.02
ngiflib.c in MiniUPnP ngiflib 0.4 has a stack-based buffer overflow in DecodeGifImg.
- risk 0.57cvss 9.8epss 0.01
miniupnp before 4c90b87, as used in Bitcoin Core before 0.12 and other products, lacks checks for snprintf return values, leading to a buffer overflow and significant data leak, a different vulnerability than CVE-2019-12107. In Bitcoin Core before 0.12, remote code execution was…
- risk 0.52cvss 9.1epss 0.01
miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Attackers can trigger an out-of-bounds memory read…
- risk 0.49cvss 7.5epss 0.01
ngiflib.c in MiniUPnP ngiflib 0.4 has an infinite loop in DecodeGifImg and LoadGif.
- risk 0.42cvss 6.5epss 0.01
GifIndexToTrueColor in ngiflib.c in MiniUPnP ngiflib 0.4 has a Segmentation fault.
- risk 0.36cvss 5.5epss 0.00
The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (invalid free and daemon crash) via vectors related to error handling.
- risk 0.36cvss 5.5epss 0.00
The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (out-of-bounds memory access and daemon crash) via vectors involving a negative length value.
- CVE-2013-0230Jan 31, 2013risk 0.09cvss —epss 0.69
Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quoted method.
- CVE-2013-0229Jan 31, 2013risk 0.09cvss —epss 0.76
The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service (service crash) via a crafted request that triggers a buffer over-read.
- CVE-2020-24221Aug 11, 2023risk 0.00cvss —epss 0.00
An issue was discovered in GetByte function in miniupnp ngiflib version 0.4, allows local attackers to cause a denial of service (DoS) via crafted .gif file (infinite loop).
- CVE-2023-39114Aug 2, 2023risk 0.00cvss —epss 0.00
ngiflib commit 84a75 was discovered to contain a segmentation violation via the function SDL_LoadAnimatedGif at ngiflibSDL.c. This vulnerability is triggered when running the program SDLaffgif.
- CVE-2023-39113Aug 2, 2023risk 0.00cvss —epss 0.00
ngiflib commit fb271 was discovered to contain a segmentation violation via the function "main" at gif2tag.c. This vulnerability is triggered when running the program gif2tga.
- CVE-2023-37748Jul 19, 2023risk 0.00cvss —epss 0.00
ngiflib commit 5e7292 was discovered to contain an infinite loop via the function DecodeGifImg at ngiflib.c.
- CVE-2022-30858Jul 17, 2023risk 0.00cvss —epss 0.01
An issue was discovered in ngiflib 0.4. There is SEGV in SDL_LoadAnimatedGif when use SDLaffgif. poc : ./SDLaffgif CA_file2_0
- CVE-2021-36531Aug 27, 2021risk 0.00cvss —epss 0.01
ngiflib 0.4 has a heap overflow in GetByte() at ngiflib.c:70 in NGIFLIB_NO_FILE mode, GetByte() reads memory buffer without checking the boundary.
- CVE-2019-20219Jan 2, 2020risk 0.00cvss —epss 0.01
ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor in ngiflib.c.
- CVE-2019-19011Nov 16, 2019risk 0.00cvss —epss 0.02
MiniUPnP ngiflib 0.4 has a NULL pointer dereference in GifIndexToTrueColor in ngiflib.c via a file that lacks a palette.
- CVE-2019-16346Sep 16, 2019risk 0.00cvss —epss 0.02
ngiflib 0.4 has a heap-based buffer overflow in WritePixel() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled.
- CVE-2019-16347Sep 16, 2019risk 0.00cvss —epss 0.01
ngiflib 0.4 has a heap-based buffer overflow in WritePixels() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled.
- CVE-2019-12111May 15, 2019risk 0.00cvss —epss 0.03
A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in copyIPv6IfDifferent in pcpserver.c.
- CVE-2019-12110May 15, 2019risk 0.00cvss —epss 0.03
An AddPortMapping Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in upnpredirect.c.
- CVE-2019-12109May 15, 2019risk 0.00cvss —epss 0.03
A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for rem_port.
- CVE-2019-12108May 15, 2019risk 0.00cvss —epss 0.03
A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for int_port.
- CVE-2019-12107May 15, 2019risk 0.00cvss —epss 0.03
The upnp_event_prepare function in upnpevents.c in MiniUPnP MiniUPnPd through 2.1 allows a remote attacker to leak information from the heap due to improper validation of an snprintf return value.
- CVE-2019-12106May 15, 2019risk 0.00cvss —epss 0.03
The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd 1.4 and 1.5 allows a remote attacker to crash the process due to a Use After Free vulnerability.
- risk 0.00cvss 8.8epss 0.02
The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 does not consider the bounds of the pixels data structure, which allows remote attackers to cause a denial of service (WritePixels heap-based buffer overflow and application crash) or possibly have unspecified other…
- risk 0.00cvss 8.8epss 0.02
The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 lacks certain checks against width and height, which allows remote attackers to cause a denial of service (WritePixels heap-based buffer overflow and application crash) or possibly have unspecified other impact via a…
- risk 0.00cvss 7.8epss 0.00
Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact
- CVE-2015-6031Nov 2, 2015risk 0.00cvss —epss 0.05
Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) and possibly execute arbitrary code via an "oversized" XML element name.
- CVE-2014-3985Sep 11, 2014risk 0.00cvss —epss 0.03
The getHTTPResponse function in miniwget.c in MiniUPnP 1.9 allows remote attackers to cause a denial of service (crash) via crafted headers that trigger an out-of-bounds read.
- CVE-2013-1462Jan 31, 2013risk 0.00cvss —epss 0.02
Integer signedness error in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (incorrect memory copy) via a SOAPAction header that lacks a " (double quote) character, a…
- CVE-2013-1461Jan 31, 2013risk 0.00cvss —epss 0.03
The ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and service crash) via a SOAPAction header that lacks a # (pound sign) character, a different…