thomas BERNARD

19 exploits Active since Nov 2015
CVE-2019-12108 WRITEUP HIGH WRITEUP
miniupnpd < 2.1 - Denial of Service via NULL Pointer Dereference in GetOutboundPinholeTimeout
A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for int_port.
CVSS 7.5
CVE-2019-12109 WRITEUP HIGH WRITEUP
miniupnpd < 2.1 - Denial of Service via NULL Pointer Dereference in GetOutboundPinholeTimeout
A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for rem_port.
CVSS 7.5
CVE-2026-5720 WRITEUP CRITICAL WRITEUP
miniupnpd Integer Underflow SOAPAction Header Parsing
miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Attackers can trigger an out-of-bounds memory read by exploiting improper length validation in ParseHttpHeaders(), where the parsed length underflows to a large unsigned value when passed to memchr(), causing the process to scan memory far beyond the allocated HTTP request buffer.
CVSS 9.1
CVE-2026-5720 WRITEUP CRITICAL WRITEUP
miniupnpd Integer Underflow SOAPAction Header Parsing
miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Attackers can trigger an out-of-bounds memory read by exploiting improper length validation in ParseHttpHeaders(), where the parsed length underflows to a large unsigned value when passed to memchr(), causing the process to scan memory far beyond the allocated HTTP request buffer.
CVSS 9.1
CVE-2020-35523 WRITEUP HIGH WRITEUP
libtiff < 4.2.0 - Integer Overflow in tif_getimage.c
An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVSS 7.8
CVE-2020-35524 WRITEUP HIGH WRITEUP
libtiff < 4.2.0 - Heap-Based Buffer Overflow in TIFF2PDF Tool
A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVSS 7.8
CVE-2015-6031 WRITEUP WRITEUP
MiniUPnPc <1.9.20150917 - Buffer Overflow
Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) and possibly execute arbitrary code via an "oversized" XML element name.
CVE-2017-1000494 WRITEUP HIGH WRITEUP
miniupnpd < 2.0 - Denial of Service via Uninitialized Stack Variable in NameValueParserEndElt
Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact
CVSS 7.8
CVE-2018-10677 WRITEUP HIGH WRITEUP
MiniUPnP ngiflib 0.4 - Heap-Based Buffer Overflow in DecodeGifImg
The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 lacks certain checks against width and height, which allows remote attackers to cause a denial of service (WritePixels heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted GIF file.
CVSS 8.8
CVE-2018-10717 WRITEUP HIGH WRITEUP
MiniUPnP ngiflib 0.4 - Heap-Based Buffer Overflow in DecodeGifImg
The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 does not consider the bounds of the pixels data structure, which allows remote attackers to cause a denial of service (WritePixels heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted GIF file, a different vulnerability than CVE-2018-10677.
CVSS 8.8
CVE-2019-12106 WRITEUP HIGH WRITEUP
MiniUPnP MiniSSDPd <1.5 - Use After Free
The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd 1.4 and 1.5 allows a remote attacker to crash the process due to a Use After Free vulnerability.
CVSS 7.5
CVE-2019-12107 WRITEUP HIGH WRITEUP
miniupnpd < 2.1 - Information Disclosure via upnp_event_prepare snprintf Return Value
The upnp_event_prepare function in upnpevents.c in MiniUPnP MiniUPnPd through 2.1 allows a remote attacker to leak information from the heap due to improper validation of an snprintf return value.
CVSS 7.5
CVE-2019-12108 WRITEUP HIGH WRITEUP
miniupnpd < 2.1 - Denial of Service via NULL Pointer Dereference in GetOutboundPinholeTimeout
A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for int_port.
CVSS 7.5
CVE-2019-12109 WRITEUP HIGH WRITEUP
miniupnpd < 2.1 - Denial of Service via NULL Pointer Dereference in GetOutboundPinholeTimeout
A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for rem_port.
CVSS 7.5
CVE-2019-12110 WRITEUP HIGH WRITEUP
miniupnpd < 2.1 - Denial of Service via AddPortMapping NULL Pointer Dereference
An AddPortMapping Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in upnpredirect.c.
CVSS 7.5
CVE-2019-12111 WRITEUP HIGH WRITEUP
MiniUPnPd < 2.1 - Denial of Service via NULL Pointer Dereference in copyIPv6IfDifferent
A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in copyIPv6IfDifferent in pcpserver.c.
CVSS 7.5
CVE-2019-16346 WRITEUP HIGH WRITEUP
ngiflib 0.4 - Heap-Based Buffer Overflow in WritePixel
ngiflib 0.4 has a heap-based buffer overflow in WritePixel() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled.
CVSS 8.8
CVE-2019-16347 WRITEUP HIGH WRITEUP
ngiflib 0.4 - Heap-Based Buffer Overflow in WritePixels
ngiflib 0.4 has a heap-based buffer overflow in WritePixels() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled.
CVSS 8.8
CVE-2023-37748 WRITEUP MEDIUM WORKING POC
ngiflib - Denial of Service via Infinite Loop in DecodeGifImg
ngiflib commit 5e7292 was discovered to contain an infinite loop via the function DecodeGifImg at ngiflib.c.
CVSS 5.5