CVE-2018-11490 - OpenCVE

The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Canonical	Ubuntu Linux
Sam2p Project	Sam2p
Debian	Debian Linux
Giflib Project	Giflib

Configuration 1 [-]

OR	cpe:2.3:a:giflib_project:giflib::::::::
	cpe:2.3:a:sam2p_project:sam2p:0.49.4:::::::*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*

References

Link	Resource
http://www.securityfocus.com/bid/104327	Third Party Advisory VDB Entry
https://github.com/pts/sam2p/issues/38	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/12/msg00008.html	Mailing List Third Party Advisory
https://usn.ubuntu.com/4107-1/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-05-26T00:00:00

Updated: 2022-12-05T00:00:00

Reserved: 2018-05-26T00:00:00

Link: CVE-2018-11490

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-05-26T18:29:00.277

Modified: 2023-02-03T19:05:13.533

Link: CVE-2018-11490

JSON object: View

Redhat Information

No data.

CWE

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:giflib_project:giflib:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1D4CA37-EA89-4FFE-B4CD-F0AB1F163C58", "versionEndIncluding": "3.1.1", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sam2p_project:sam2p:0.49.4:*:*:*:*:*:*:*", "matchCriteriaId": "EE79927B-648D-46F8-ACDF-5E96440FDD02", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain \"Private->RunningCode - 2\" array index is not checked. This will lead to a denial of service or possibly unspecified other impact."}, {"lang": "es", "value": "La funci\u00f3n DGifDecompressLine en dgif_lib.c en GIFLIB (probablemente en la versi\u00f3n 3.0.x), tal y como se distribuy\u00f3 posteriormente en cgif.c en sam2p 0.49.4, tiene un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) debido a que no se comprueba cierto \u00edndice de arrays \"Private->RunningCode - 2\". Esto podr\u00eda conducir a una denegaci\u00f3n de servicio (DoS) o a otro tipo de impacto sin especificar."}], "id": "CVE-2018-11490", "lastModified": "2023-02-03T19:05:13.533", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-26T18:29:00.277", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104327"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/pts/sam2p/issues/38"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00008.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4107-1/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-129"}, {"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}