{"id":"CVE-2019-12107","details":"The upnp_event_prepare function in upnpevents.c in MiniUPnP MiniUPnPd through 2.1 allows a remote attacker to leak information from the heap due to improper validation of an snprintf return value.","modified":"2026-04-11T08:05:33.244018Z","published":"2019-05-15T23:29:00.510Z","references":[{"type":"WEB","url":"https://usn.ubuntu.com/4542-1/"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00045.html"},{"type":"FIX","url":"https://www.vdoo.com/blog/security-issues-discovered-in-miniupnp"},{"type":"FIX","url":"https://github.com/miniupnp/miniupnp/commit/bec6ccec63cadc95655721bc0e1dd49dac759d94"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/miniupnp/miniupnp","events":[{"introduced":"0"},{"last_affected":"582375b64f347d6ef1a4dc3478ff3678ea923f80"},{"fixed":"bec6ccec63cadc95655721bc0e1dd49dac759d94"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.1"}]}}],"versions":["minissdpd_1_2","minissdpd_1_4","miniupnpc_1_7","miniupnpc_1_8","miniupnpc_1_9","miniupnpc_2_1","miniupnpd_1_7","miniupnpd_1_8","miniupnpd_2_1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12107.json","vanir_signatures":[{"digest":{"function_hash":"195679768704586215033078307573186238936","length":1508},"source":"https://github.com/miniupnp/miniupnp/commit/bec6ccec63cadc95655721bc0e1dd49dac759d94","id":"CVE-2019-12107-42d7d78d","signature_version":"v1","signature_type":"Function","target":{"file":"miniupnpd/upnpevents.c","function":"upnp_event_prepare"},"deprecated":false},{"digest":{"threshold":0.9,"line_hashes":["31829152111797825752361440611653672070","284513230929457560699859306313400890858","136919503779593078372569521745139641541","99685459232863163817127490133231909025","116712342579002471287631504796548362066","262273617044590758602506530763631952550","33219058818071785548471089399129013458","299211648667557767368658636759393381547","282102314380628232753679378713167776448","62681865327836303194440910103624284005","193863581451124486325341812480459615032","308586944826040207057606190186882127775","292338810521778515172698147174140115133","26681558393830868089046736420639820122","189813870036684337725930423983297212992","139480626637839776444691529098610859545"]},"source":"https://github.com/miniupnp/miniupnp/commit/bec6ccec63cadc95655721bc0e1dd49dac759d94","id":"CVE-2019-12107-a5248e92","signature_version":"v1","signature_type":"Line","target":{"file":"miniupnpd/upnpevents.c"},"deprecated":false}],"vanir_signatures_modified":"2026-04-11T08:05:33Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}