Aggregates CVE and security vulnerability intelligence across all miniupnp_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk memory corruption, vendor risk buffer overflow, and vendor risk path handling and related problems; some flaws may lead to vendor impact application crash.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-5720 | miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Attackers can trigger an out-of-bounds memory read by exploiting improper length validation in ParseHttpHeaders(), where the parsed length underflows to a large unsigned value when passed to memchr(), causing the process to scan memory far beyond the allocated HTTP reque | [email protected] | 7.1 | 0.05% | 2026-04-17 | 2026-05-11 |
| CVE-2020-24221 | An issue was discovered in GetByte function in miniupnp ngiflib version 0.4, allows local attackers to cause a denial of service (DoS) via crafted .gif file (infinite loop). | [email protected] | 5.5 | 0.04% | 2023-08-11 | 2024-11-21 |
| CVE-2023-39114 | ngiflib commit 84a75 was discovered to contain a segmentation violation via the function SDL_LoadAnimatedGif at ngiflibSDL.c. This vulnerability is triggered when running the program SDLaffgif. | [email protected] | 5.5 | 0.04% | 2023-08-02 | 2024-11-21 |
| CVE-2023-39113 | ngiflib commit fb271 was discovered to contain a segmentation violation via the function "main" at gif2tag.c. This vulnerability is triggered when running the program gif2tga. | [email protected] | 5.5 | 0.04% | 2023-08-02 | 2024-11-21 |
| CVE-2023-37748 | ngiflib commit 5e7292 was discovered to contain an infinite loop via the function DecodeGifImg at ngiflib.c. | [email protected] | 5.5 | 0.04% | 2023-07-19 | 2024-11-21 |
| CVE-2022-30858 | An issue was discovered in ngiflib 0.4. There is SEGV in SDL_LoadAnimatedGif when use SDLaffgif. poc : ./SDLaffgif CA_file2_0 | [email protected] | 6.5 | 0.05% | 2023-07-17 | 2024-11-21 |
| CVE-2021-36531 | ngiflib 0.4 has a heap overflow in GetByte() at ngiflib.c:70 in NGIFLIB_NO_FILE mode, GetByte() reads memory buffer without checking the boundary. | [email protected] | 8.8 | 0.35% | 2021-08-27 | 2024-11-21 |
| CVE-2021-36530 | ngiflib 0.4 has a heap overflow in GetByteStr() at ngiflib.c:108 in NGIFLIB_NO_FILE mode, GetByteStr() copy memory buffer without checking the boundary. | [email protected] | 8.8 | 0.35% | 2021-08-27 | 2024-11-21 |
| CVE-2019-20219 | ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor in ngiflib.c. | [email protected] | 8.8 | 0.39% | 2020-01-02 | 2024-11-21 |
| CVE-2019-19011 | MiniUPnP ngiflib 0.4 has a NULL pointer dereference in GifIndexToTrueColor in ngiflib.c via a file that lacks a palette. | [email protected] | 7.5 | 0.50% | 2019-11-17 | 2024-11-21 |
| CVE-2013-2600 | MiniUPnPd has information disclosure use of snprintf() | [email protected] | 7.5 | 0.49% | 2019-11-01 | 2024-11-21 |
| CVE-2019-16347 | ngiflib 0.4 has a heap-based buffer overflow in WritePixels() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled. | [email protected] | 8.8 | 0.42% | 2019-09-16 | 2024-11-21 |
| CVE-2019-16346 | ngiflib 0.4 has a heap-based buffer overflow in WritePixel() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled. | [email protected] | 8.8 | 0.42% | 2019-09-16 | 2024-11-21 |
| CVE-2019-12111 | A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in copyIPv6IfDifferent in pcpserver.c. | [email protected] | 7.5 | 1.16% | 2019-05-15 | 2024-11-21 |
| CVE-2019-12109 | A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for rem_port. | [email protected] | 7.5 | 0.54% | 2019-05-15 | 2024-11-21 |
| CVE-2019-12108 | A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for int_port. | [email protected] | 7.5 | 0.54% | 2019-05-15 | 2024-11-21 |
| CVE-2019-12106 | The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd 1.4 and 1.5 allows a remote attacker to crash the process due to a Use After Free vulnerability. | [email protected] | 7.5 | 0.65% | 2019-05-15 | 2024-11-21 |
| CVE-2018-11657 | ngiflib.c in MiniUPnP ngiflib 0.4 has an infinite loop in DecodeGifImg and LoadGif. | [email protected] | 7.5 | 0.28% | 2018-06-01 | 2024-11-21 |
| CVE-2018-11578 | GifIndexToTrueColor in ngiflib.c in MiniUPnP ngiflib 0.4 has a Segmentation fault. | [email protected] | 6.5 | 0.29% | 2018-05-31 | 2024-11-21 |
| CVE-2018-11576 | ngiflib.c in MiniUPnP ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor. | [email protected] | 9.8 | 0.43% | 2018-05-31 | 2024-11-21 |