Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-0985

CWE-119Buffer Overflow4 documents4 sources
Severity
6.8MEDIUM
EPSS
15.5%
top 5.32%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Google Android SDK
Timeline
PublishedMar 6
Latest updateMay 1

Description

Heap-based buffer overflow in the GIF library in the WebKit framework for Google Android SDK m3-rc37a and earlier allows remote attackers to execute arbitrary code via a crafted GIF file whose logical screen height and width are different than the actual height and width.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDgoogle/android_sdkm3-rc37a

Patches

Patch: android-developers.blogspot.comPatch: android-developers.blogspot.com

🔴Vulnerability Details

2
GHSA
GHSA-xhpm-5gq7-cm9x: Heap-based buffer overflow in the GIF library in the WebKit framework for Google Android SDK m3-rc37a and earlier allows remote attackers to execute a2022-05-01
CVEList
CVE-2008-0985: Heap-based buffer overflow in the GIF library in the WebKit framework for Google Android SDK m3-rc37a and earlier allows remote attackers to execute a2008-03-06

💥Exploits & PoCs

1
Exploit-DB
Google Android Web Browser - '.GIF' File Heap Buffer Overflow2008-03-04
CVE-2008-0985 (MEDIUM CVSS 6.8) | Heap-based buffer overflow in the G | cvebase.io