miniupnp/ngiflib

GitHub

github.com

Releases4

Frequency2 years 4 months

Last Release over 2 years ago

Stars11

GIF picture format decoding library written in C

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-24221 ↗	Aug 11, 2023Friday, 11 August 2023, 14:15	5.5 MEDIUM	—
An issue was discovered in GetByte function in miniupnp ngiflib version 0.4, allows local attackers to cause a denial of service (DoS) via crafted .gif file (infinite loop).
CVE-2023-39114 ↗	Aug 2, 2023Wednesday, 2 August 2023, 23:15	5.5 MEDIUM	—
ngiflib commit 84a75 was discovered to contain a segmentation violation via the function SDL_LoadAnimatedGif at ngiflibSDL.c. This vulnerability is triggered when running the program SDLaffgif.
CVE-2023-39113 ↗	Aug 2, 2023Wednesday, 2 August 2023, 23:15	5.5 MEDIUM	—
ngiflib commit fb271 was discovered to contain a segmentation violation via the function "main" at gif2tag.c. This vulnerability is triggered when running the program gif2tga.
CVE-2023-37748 ↗	Jul 19, 2023Wednesday, 19 July 2023, 17:15	5.5 MEDIUM	—
ngiflib commit 5e7292 was discovered to contain an infinite loop via the function DecodeGifImg at ngiflib.c.
CVE-2022-30858 ↗	Jul 17, 2023Monday, 17 July 2023, 19:15	6.5 MEDIUM	—
An issue was discovered in ngiflib 0.4. There is SEGV in SDL_LoadAnimatedGif when use SDLaffgif. poc : ./SDLaffgif CA_file2_0
CVE-2021-36531 ↗	Aug 27, 2021Friday, 27 August 2021, 16:15	8.8 HIGH	6.8 MEDIUM
ngiflib 0.4 has a heap overflow in GetByte() at ngiflib.c:70 in NGIFLIB_NO_FILE mode, GetByte() reads memory buffer without checking the boundary.
CVE-2021-36530 ↗	Aug 27, 2021Friday, 27 August 2021, 16:15	8.8 HIGH	6.8 MEDIUM
ngiflib 0.4 has a heap overflow in GetByteStr() at ngiflib.c:108 in NGIFLIB_NO_FILE mode, GetByteStr() copy memory buffer without checking the boundary.
CVE-2019-20219 ↗	Jan 2, 2020Thursday, 2 January 2020, 15:15	8.8 HIGH	6.8 MEDIUM
ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor in ngiflib.c.
CVE-2019-19011 ↗	Nov 17, 2019Sunday, 17 November 2019, 18:15	7.5 HIGH	5 MEDIUM
MiniUPnP ngiflib 0.4 has a NULL pointer dereference in GifIndexToTrueColor in ngiflib.c via a file that lacks a palette.
CVE-2019-16347 ↗	Sep 16, 2019Monday, 16 September 2019, 13:15	8.8 HIGH	6.8 MEDIUM
ngiflib 0.4 has a heap-based buffer overflow in WritePixels() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled.
CVE-2019-16346 ↗	Sep 16, 2019Monday, 16 September 2019, 13:15	8.8 HIGH	6.8 MEDIUM
ngiflib 0.4 has a heap-based buffer overflow in WritePixel() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled.
CVE-2018-11657 ↗	Jun 1, 2018Friday, 1 June 2018, 15:29	—	5 MEDIUM
ngiflib.c in MiniUPnP ngiflib 0.4 has an infinite loop in DecodeGifImg and LoadGif.
CVE-2018-11578 ↗	May 31, 2018Thursday, 31 May 2018, 00:29	—	4.3 MEDIUM
GifIndexToTrueColor in ngiflib.c in MiniUPnP ngiflib 0.4 has a Segmentation fault.
CVE-2018-11576 ↗	May 31, 2018Thursday, 31 May 2018, 00:29	—	7.5 HIGH
ngiflib.c in MiniUPnP ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor.
CVE-2018-11575 ↗	May 31, 2018Thursday, 31 May 2018, 00:29	—	7.5 HIGH
ngiflib.c in MiniUPnP ngiflib 0.4 has a stack-based buffer overflow in DecodeGifImg.
CVE-2018-10717 ↗	May 3, 2018Thursday, 3 May 2018, 17:29	—	6.8 MEDIUM
The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 does not consider the bounds of the pixels data structure, which allows remote attackers to cause a denial of service (WritePixels heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted GIF file, a different vulnerability than CVE-2018-10677.
CVE-2018-10677 ↗	May 2, 2018Wednesday, 2 May 2018, 19:29	—	6.8 MEDIUM
The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 lacks certain checks against width and height, which allows remote attackers to cause a denial of service (WritePixels heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted GIF file.