miniupnp_project 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は vendor risk memory corruption、バッファオーバーフロー, and パス処理の欠陥 に関連することが多く、vendor surface production workloads and vendor surface software deployment の文脈で アプリケーションクラッシュ and ファイル上書き などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2026-5720 | miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Attackers can trigger an out-of-bounds memory read by exploiting improper length validation in ParseHttpHeaders(), where the parsed length underflows to a large unsigned value when passed to memchr(), causing the process to scan memory far beyond the allocated HTTP reque | [email protected] | 7.1 | 0.67% | 2026-04-17 | 2026-05-11 |
| CVE-2020-24221 | An issue was discovered in GetByte function in miniupnp ngiflib version 0.4, allows local attackers to cause a denial of service (DoS) via crafted .gif file (infinite loop). | [email protected] | 5.5 | 0.30% | 2023-08-11 | 2024-11-21 |
| CVE-2023-39114 | ngiflib commit 84a75 was discovered to contain a segmentation violation via the function SDL_LoadAnimatedGif at ngiflibSDL.c. This vulnerability is triggered when running the program SDLaffgif. | [email protected] | 5.5 | 0.25% | 2023-08-02 | 2024-11-21 |
| CVE-2023-39113 | ngiflib commit fb271 was discovered to contain a segmentation violation via the function "main" at gif2tag.c. This vulnerability is triggered when running the program gif2tga. | [email protected] | 5.5 | 0.25% | 2023-08-02 | 2024-11-21 |
| CVE-2023-37748 | ngiflib commit 5e7292 was discovered to contain an infinite loop via the function DecodeGifImg at ngiflib.c. | [email protected] | 5.5 | 0.26% | 2023-07-19 | 2024-11-21 |
| CVE-2022-30858 | An issue was discovered in ngiflib 0.4. There is SEGV in SDL_LoadAnimatedGif when use SDLaffgif. poc : ./SDLaffgif CA_file2_0 | [email protected] | 6.5 | 0.53% | 2023-07-17 | 2024-11-21 |
| CVE-2021-36531 | ngiflib 0.4 has a heap overflow in GetByte() at ngiflib.c:70 in NGIFLIB_NO_FILE mode, GetByte() reads memory buffer without checking the boundary. | [email protected] | 8.8 | 1.03% | 2021-08-27 | 2024-11-21 |
| CVE-2021-36530 | ngiflib 0.4 has a heap overflow in GetByteStr() at ngiflib.c:108 in NGIFLIB_NO_FILE mode, GetByteStr() copy memory buffer without checking the boundary. | [email protected] | 8.8 | 1.03% | 2021-08-27 | 2024-11-21 |
| CVE-2019-20219 | ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor in ngiflib.c. | [email protected] | 8.8 | 1.29% | 2020-01-02 | 2024-11-21 |
| CVE-2019-19011 | MiniUPnP ngiflib 0.4 has a NULL pointer dereference in GifIndexToTrueColor in ngiflib.c via a file that lacks a palette. | [email protected] | 7.5 | 1.73% | 2019-11-17 | 2024-11-21 |
| CVE-2013-2600 | MiniUPnPd has information disclosure use of snprintf() | [email protected] | 7.5 | 2.33% | 2019-11-01 | 2024-11-21 |
| CVE-2019-16347 | ngiflib 0.4 has a heap-based buffer overflow in WritePixels() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled. | [email protected] | 8.8 | 1.50% | 2019-09-16 | 2024-11-21 |
| CVE-2019-16346 | ngiflib 0.4 has a heap-based buffer overflow in WritePixel() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled. | [email protected] | 8.8 | 1.64% | 2019-09-16 | 2024-11-21 |
| CVE-2019-12111 | A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in copyIPv6IfDifferent in pcpserver.c. | [email protected] | 7.5 | 3.40% | 2019-05-15 | 2024-11-21 |
| CVE-2019-12109 | A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for rem_port. | [email protected] | 7.5 | 2.75% | 2019-05-15 | 2024-11-21 |
| CVE-2019-12108 | A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for int_port. | [email protected] | 7.5 | 2.75% | 2019-05-15 | 2024-11-21 |
| CVE-2019-12106 | The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd 1.4 and 1.5 allows a remote attacker to crash the process due to a Use After Free vulnerability. | [email protected] | 7.5 | 2.83% | 2019-05-15 | 2024-11-21 |
| CVE-2018-11657 | ngiflib.c in MiniUPnP ngiflib 0.4 has an infinite loop in DecodeGifImg and LoadGif. | [email protected] | 7.5 | 1.06% | 2018-06-01 | 2024-11-21 |
| CVE-2018-11578 | GifIndexToTrueColor in ngiflib.c in MiniUPnP ngiflib 0.4 has a Segmentation fault. | [email protected] | 6.5 | 1.02% | 2018-05-31 | 2024-11-21 |
| CVE-2018-11576 | ngiflib.c in MiniUPnP ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor. | [email protected] | 9.8 | 1.44% | 2018-05-31 | 2024-11-21 |