CVE-2024-49749Out-of-bounds Write in External Giflib

CWE-787Out-of-bounds Write5 documents5 sources
Severity
8.8HIGHNVD
EPSS
2.7%
top 14.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Platform External GiflibGoogle Android
Timeline
PublishedJan 21
Latest updateJan 22

Description

In DGifSlurp of dgif_lib.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

Androidplatform/external_giflib12:012:2025-01-01+4
CVEListV5google/android5 versions+4
NVDgoogle/android5 versions+4

🔴Vulnerability Details

3
GHSA
GHSA-6cvp-82cv-4v82: In DGifSlurp of dgif_lib2025-01-22
CVEList
CVE-2024-49749: In DGifSlurp of dgif_lib2025-01-21
OSV
CVE-2024-49749: In DGifSlurp of dgif_lib2025-01-01

📋Vendor Advisories

1
Android
CVE-2024-49749: Android Security Bulletin 2025-01-01 CVE: CVE-2024-49749 Severity: HIGH Type: RCE Affected AOSP versions: 12, 12L, 13, 14, 15 References: A-3554616432025-01-01
CVE-2024-49749 — Out-of-bounds Write in External Giflib | cvebase