SB2018050218 - Multiple vulnerabilities in miniupnpd ngiflib
Published: May 2, 2018 Updated: August 8, 2020
Description
This security bulletin contains information about 9 security vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2019-20219)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a heap-based buffer over-read in GifIndexToTrueColor in ngiflib.c. A remote attacker can perform a denial of service attack.
2) Heap-based buffer overflow (CVE-ID: CVE-2019-16346)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing data within WritePixel() in ngiflib.c when called from DecodeGifImg. A remote attacker can pass a specially crafted file to the affected application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
3) Heap-based buffer overflow (CVE-ID: CVE-2019-16347)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing data within WritePixels() in ngiflib.c when called from DecodeGifImg. A remote attacker can pass a specially crafted file to the affected application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
4) Infinite loop (CVE-ID: CVE-2018-11657)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
ngiflib.c in MiniUPnP ngiflib 0.4 has an infinite loop in DecodeGifImg and LoadGif.
5) Stack-based buffer overflow (CVE-ID: CVE-2018-11575)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in DecodeGifImg. A remote unauthenticated attacker can trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
6) Out-of-bounds read (CVE-ID: CVE-2018-11576)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a heap-based buffer over-read in GifIndexToTrueColor. A remote attacker can perform a denial of service attack.
7) Buffer overflow (CVE-ID: CVE-2018-11578)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
GifIndexToTrueColor in ngiflib.c in MiniUPnP ngiflib 0.4 has a segmentation fault.
8) Heap-based buffer overflow (CVE-ID: CVE-2018-10717)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4, which does not consider the bounds of the pixels data structure. A remote attacker can use a crafted GIF file to trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
9) Heap-based buffer overflow (CVE-ID: CVE-2018-10677)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4, which lacks certain checks against width and height. A remote attacker can use a crafted GIF file to trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
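A pre-decode check of the kind items 8 and 9 describe as missing, as an added example that is not ngiflib code or the upstream fix: it walks the GIF block structure and rejects any file whose frame rectangle does not fit the logical screen. The invariant enforced, the function names and the embedded sample bytes are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <string.h>
static uint32_t rd16(const uint8_t *p) { return p[0] | ((uint32_t)p[1] << 8); }

/* Skip a chain of data sub-blocks; returns the new offset, or 0 if truncated. */
static size_t skip_subblocks(const uint8_t *b, size_t n, size_t off) {
    while (off < n) {
        uint8_t len = b[off++];
        if (len == 0) return off;
        if (n - off < len) return 0;
        off += len;
    }
    return 0;
}

/* Returns 0 if every frame lies inside the logical screen, -1 otherwise. */
int gif_frames_in_bounds(const uint8_t *b, size_t n) {
    if (n < 13 || (memcmp(b, "GIF87a", 6) && memcmp(b, "GIF89a", 6))) return -1;
    uint32_t sw = rd16(b + 6), sh = rd16(b + 8);
    size_t off = 13;
    if (b[10] & 0x80) off += (size_t)3 << ((b[10] & 7) + 1);  /* global color table */
    while (off < n) {
        uint8_t tag = b[off++];
        if (tag == 0x3B) return 0;                 /* trailer: every frame passed */
        if (tag == 0x2C) {                         /* image descriptor, 9 bytes */
            if (n - off < 9) return -1;
            uint32_t x = rd16(b + off), y = rd16(b + off + 2);
            uint32_t w = rd16(b + off + 4), h = rd16(b + off + 6);
            uint8_t packed = b[off + 8];
            /* Assumed invariant: a non-empty frame rectangle inside the canvas. */
            if (w == 0 || h == 0 || x + w > sw || y + h > sh) return -1;
            off += 9;
            if (packed & 0x80) off += (size_t)3 << ((packed & 7) + 1);  /* local table */
        } else if (tag != 0x21) return -1;         /* only extensions (0x21) remain */
        if (off >= n) return -1;
        off = skip_subblocks(b, n, off + 1);       /* skip label or LZW code-size byte */
        if (off == 0) return -1;
    }
    return -1;                                     /* data ended before the trailer */
}

/* Constructed 1x1 sample GIF; frame_result() patches the frame width/height. */
static const uint8_t SAMPLE[] = { 'G','I','F','8','9','a', 1,0, 1,0, 0x80,0,0,
    0,0,0, 255,255,255, 0x2C, 0,0, 0,0, 1,0, 1,0, 0, 2, 2,0x4C,0x01, 0, 0x3B };
int frame_result(uint8_t w, uint8_t h) {
    uint8_t g[sizeof SAMPLE]; memcpy(g, SAMPLE, sizeof g);
    g[24] = w; g[26] = h;                          /* low bytes of width, height */
    return gif_frames_in_bounds(g, sizeof g);
}
int main(void) { return frame_result(1, 1) == 0 && frame_result(2, 1) == -1 ? 0 : 1; }
```

The check is strict: a file is rejected as soon as one frame overhangs the logical screen, so it is meant to run on the buffer before it reaches the decoder.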
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- https://github.com/miniupnp/ngiflib/issues/15
- https://github.com/miniupnp/ngiflib/commit/37d939a6f511d16d4c95678025c235fe62e6417a
- https://github.com/miniupnp/ngiflib/issues/11
- https://github.com/miniupnp/ngiflib/issues/12
- https://github.com/miniupnp/ngiflib/issues/7
- https://github.com/Edward-L/fuzzing-pocs/tree/master/ngiflib
- https://github.com/miniupnp/ngiflib/issues/4
- https://github.com/miniupnp/ngiflib/issues/6
- https://github.com/miniupnp/ngiflib/issues/5
- https://github.com/miniupnp/ngiflib/commit/cf429e0a2fe26b5f01ce0c8e9b79432e94509b6e
- https://github.com/miniupnp/ngiflib/issues/3
- https://github.com/miniupnp/ngiflib/commit/b588a2249c7abbfc52173e32ee11d6facef82f89
- https://github.com/miniupnp/ngiflib/issues/1