CVE-2018-11490
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD
Description
The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact.
Affected (6)
Show all products
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| From 3.0 to 3.1.1 | |
| Version 0.49.4 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 10.0 |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version 16.04 |
Related CWEs
CWE-129
Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
References (8)
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Timeline
No history available yet.