{"id":"CVE-2019-16347","details":"ngiflib 0.4 has a heap-based buffer overflow in WritePixels() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled.","modified":"2026-04-11T12:42:15.139121Z","published":"2019-09-16T13:15:11.903Z","references":[{"type":"ADVISORY","url":"https://github.com/miniupnp/ngiflib/issues/12"},{"type":"FIX","url":"https://github.com/miniupnp/ngiflib/commit/37d939a6f511d16d4c95678025c235fe62e6417a"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/miniupnp/ngiflib","events":[{"introduced":"0"},{"last_affected":"cc64f7cc8fc20a945f2abd2ca771e8611f7e4128"},{"fixed":"37d939a6f511d16d4c95678025c235fe62e6417a"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.4"}]}}],"versions":["0.1","0.2","0.4"],"database_specific":{"vanir_signatures":[{"target":{"file":"ngiflib.c"},"signature_version":"v1","source":"https://github.com/miniupnp/ngiflib/commit/37d939a6f511d16d4c95678025c235fe62e6417a","signature_type":"Line","id":"CVE-2019-16347-9688e601","digest":{"threshold":0.9,"line_hashes":["237808059705286189303728704739888498370","229242860648037405396880656468698488460","124731630603682325519766367357309372658","328624310187704045354111804685906575459","268124930057869837187129210907045579643","31023134387890228903570843735593166343","193339466565163149689761784093763144872","297498800914596575828030126404514455487","5601185720343475656114657374560486875","178267510075713463348512151448395775435","321398342015279822042128630076841080835","26560040010434068325631006412338067695","106133190357796406044542665402384918400","168115372304991335718461962051690690734","91976863540595785612362940767559846201","118626459655440337298746134586675295327","59296448183950155605115959862582734659","338727352457999736121563534813910053803","116091655869708970700611955148013661270","241313923583721798498167393239016259905","120365708482770233787837790524979671985","131053759489204788757460821821315826691","319741250024963548175128897504153706373","18324846332395770525032013630325475653","158283433243319755807916970051652500413","131937554007643913125836620921660157663","231344623515658086528864884266885993654","210828881339791191729507079824018751028","322707758521564882711322399228719005820","328624310187704045354111804685906575459","268124930057869837187129210907045579643","31023134387890228903570843735593166343","193339466565163149689761784093763144872","297498800914596575828030126404514455487","5601185720343475656114657374560486875","178267510075713463348512151448395775435","321398342015279822042128630076841080835","26560040010434068325631006412338067695","106133190357796406044542665402384918400","168115372304991335718461962051690690734","91976863540595785612362940767559846201","118626459655440337298746134586675295327","59296448183950155605115959862582734659","338727352457999736121563534813910053803","116091655869708970700611955148013661270","241313923583721798498167393239016259905","120365708482770233787837790524979671985","131053759489204788757460821821315826691","319741250024963548175128897504153706373","18324846332395770525032013630325475653","158283433243319755807916970051652500413","131937554007643913125836620921660157663","231344623515658086528864884266885993654","210828881339791191729507079824018751028","322707758521564882711322399228719005820"]},"deprecated":false},{"target":{"function":"WritePixels","file":"ngiflib.c"},"signature_version":"v1","source":"https://github.com/miniupnp/ngiflib/commit/37d939a6f511d16d4c95678025c235fe62e6417a","signature_type":"Function","id":"CVE-2019-16347-f72aab64","digest":{"length":2913,"function_hash":"299598310729035935313140039135422048081"},"deprecated":false},{"target":{"function":"WritePixel","file":"ngiflib.c"},"signature_version":"v1","source":"https://github.com/miniupnp/ngiflib/commit/37d939a6f511d16d4c95678025c235fe62e6417a","signature_type":"Function","id":"CVE-2019-16347-fce35e71","digest":{"length":2316,"function_hash":"60390860885510470224584324540478048947"},"deprecated":false}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-16347.json","vanir_signatures_modified":"2026-04-11T12:42:15Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}