CVE-2018-11489

Published: 26/05/2018 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact.

Vulnerable Product

sam2p project sam2p 0.49.4

giflib project giflib

Vendor Advisories

Debian Bug report logs - #904113
CVE-2018-11489
Package: src:giflib; Maintainer for src:giflib is Debian QA Group <packages@qa.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Thu, 19 Jul 2018 21:39:02 UTC
Severity: important
Tags: security, upstream
Found in version giflib/5.1.4-0.1
Forwarded ...

The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact ...