CVE-2018-11490

CVSS v3.1 8.8 (High)

CVSS v2.0 6.8 (Medium)

EPSS 0.28 % (69^th)

Affected Products 4

Advisories 4

The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact.

Weaknesses

CWE-129: Improper Validation of Array Index
CWE-787: Out-of-bounds Write

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2018-05-26 18:29:00
(6 years ago)
Updated Date: 2023-02-03 19:05:13
(19 months ago)

Affected Products

Configuration #1

		CPE23	From	Up To
	Giflib Project Giflib from 3.0 version and 3.1.1 and prior versions	cpe:2.3:a:giflib_project:giflib	>= 3.0	<= 3.1.1
	Sam2p Project Sam2p 0.49.4	cpe:2.3:a:sam2p_project:sam2p:0.49.4

Configuration #2

		CPE23	From	Up To
	Debian Linux 10.0	cpe:2.3:o:debian:debian_linux:10.0

Configuration #3

		CPE23	From	Up To
	Canonical Ubuntu Linux 16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04:::*:esm
	Canonical Ubuntu Linux 18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04:::*:lts
	Canonical Ubuntu Linux 19.04	cpe:2.3:o:canonical:ubuntu_linux:19.04

Weaknesses

Affected Products

Canonical

Debian

Giflib Project

Sam2p Project

Configuration #1

Configuration #2

Configuration #3