{"id":"CVE-2018-10677","details":"The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 lacks certain checks against width and height, which allows remote attackers to cause a denial of service (WritePixels heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted GIF file.","modified":"2026-05-14T11:51:51.045275132Z","published":"2018-05-02T19:29:00.230Z","database_specific":{},"references":[{"type":"FIX","url":"https://github.com/miniupnp/ngiflib/commit/b588a2249c7abbfc52173e32ee11d6facef82f89"},{"type":"EVIDENCE","url":"https://github.com/miniupnp/ngiflib/issues/1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/miniupnp/ngiflib","events":[{"introduced":"0"},{"last_affected":"cc64f7cc8fc20a945f2abd2ca771e8611f7e4128"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"0.4"}],"cpe":"cpe:2.3:a:miniupnp_project:ngiflib:0.4:*:*:*:*:*:*:*","source":"CPE_FIELD"}}],"versions":["0.4","0.2","0.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-10677.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}