CVE-2017-12950

MEDIUM

libgig 4.0.0 - Denial of Service via Crafted GIG File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-12950. PoCs published by qflb.wu.

AI-analyzed exploit summary The exploit demonstrates a denial-of-service (DoS) vulnerability in libgig 4.0.0 via two distinct issues: a null pointer dereference in the `gig::Region::Region` function and a stack buffer overflow in the `gig::DimensionRegion::CreateVelocityTable` function. Both are triggered by crafted .gig files, leading to application crashes.

Description

The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.

Exploits (1)

exploitdb WORKING POC

by qflb.wu · textdoslinux

https://www.exploit-db.com/exploits/42546

View Code ZIP pw:eip

The exploit demonstrates a denial-of-service (DoS) vulnerability in libgig 4.0.0 via two distinct issues: a null pointer dereference in the `gig::Region::Region` function and a stack buffer overflow in the `gig::DimensionRegion::CreateVelocityTable` function. Both are triggered by crafted .gig files, leading to application crashes.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: libgig 4.0.0

No auth needed

Prerequisites: A crafted .gig file

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2017/Aug/39

Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/42546/

Scores

CVSS v3 6.5

EPSS 0.0505

EPSS Percentile 91.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (1)

linuxsampler/libgig 4.0.0

Published Aug 28, 2017

Tracked Since Feb 18, 2026