CVE-2024-49722 — Platform Frameworks Base vulnerability

Vendor	Product	Version range	Fixed in
google	android	—	—
google	android	—	—
google	android	—	—
platform	frameworks_base	>= 15-next:0 < 15-next:2025-04-01	15-next:2025-04-01
platform	frameworks_base	>= 15:0 < 15:2025-04-01	15:2025-04-01

Android

CVE-2024-49722: Android Security Bulletin 2025-04-01 CVE: CVE-2024-49722 Severity: HIGH Type: ID Affected AOSP versions: 15 References: A-341688848 [2]

vendor_android·2025-04-01·CVSS 5.5

CVE-2024-49722 [MEDIUM] CVE-2024-49722: Android Security Bulletin 2025-04-01 CVE: CVE-2024-49722 Severity: HIGH Type: ID Affected AOSP versions: 15 References: A-341688848 [2] Android Security Bulletin 2025-04-01 CVE: CVE-2024-49722 Severity: HIGH Type: ID Affected AOSP versions: 15 References: A-341688848 [2]

GHSA

GHSA-vg73-3j94-8qw9: In showAvatarPicker of EditUserPhotoController

ghsa_unreviewed·2025-09-03

CVE-2024-49722 GHSA-vg73-3j94-8qw9: In showAvatarPicker of EditUserPhotoController In showAvatarPicker of EditUserPhotoController.java, there is a possible cross user image leak due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

OSV

CVE-2024-49722: In showAvatarPicker of EditUserPhotoController

osv·2025-04-01

CVE-2024-49722 CVE-2024-49722: In showAvatarPicker of EditUserPhotoController In showAvatarPicker of EditUserPhotoController.java, there is a possible cross user image leak due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-49722: In showAvatarPicker of EditUserPhotoController.java, there is a possible cross user image leak due to a confused deputy. This could lead to local information…

Affected