{"id":"CVE-2018-10717","details":"The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 does not consider the bounds of the pixels data structure, which allows remote attackers to cause a denial of service (WritePixels heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted GIF file, a different vulnerability than CVE-2018-10677.","modified":"2026-04-11T06:58:35.758740Z","published":"2018-05-03T17:29:00.337Z","references":[{"type":"FIX","url":"https://github.com/miniupnp/ngiflib/commit/cf429e0a2fe26b5f01ce0c8e9b79432e94509b6e"},{"type":"EVIDENCE","url":"https://github.com/miniupnp/ngiflib/issues/3"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/miniupnp/ngiflib","events":[{"introduced":"0"},{"last_affected":"cc64f7cc8fc20a945f2abd2ca771e8611f7e4128"},{"fixed":"cf429e0a2fe26b5f01ce0c8e9b79432e94509b6e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.4"}]}}],"versions":["0.1","0.2","0.4"],"database_specific":{"vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["40222433432064176082929800575717582465","62846274079341447038045936196904926572","99371066332013005687906997522328674330","76250921569557969998899316023094286860","250713858605029592680074110365031688960","181493249242074076664243472717836837458","153240117329045849680495743636463112608","336845674459016304589281855031853285477"]},"source":"https://github.com/miniupnp/ngiflib/commit/cf429e0a2fe26b5f01ce0c8e9b79432e94509b6e","id":"CVE-2018-10717-05028e87","signature_type":"Line","signature_version":"v1","target":{"file":"ngiflib.c"},"deprecated":false},{"digest":{"length":5952,"function_hash":"43287928949454851532720211538029385299"},"source":"https://github.com/miniupnp/ngiflib/commit/cf429e0a2fe26b5f01ce0c8e9b79432e94509b6e","id":"CVE-2018-10717-7deeec36","signature_type":"Function","signature_version":"v1","target":{"file":"ngiflib.c","function":"DecodeGifImg"},"deprecated":false}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-10717.json","vanir_signatures_modified":"2026-04-11T06:58:35Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}