In DGifSlurp of dgif_lib.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "145545243029665492469307439066663348100", "247173508309223739576703352666447834488", "204274942837119031254991323911169217908", "137446051655739251263945009831409295757", "55979599926335733727889751349724083980" ] }, "id": "ASB-A-355461643-2fc1c16d", "source": "https://android.googlesource.com/platform/external/giflib/+/a6ede43ad88693f782f3a6c5b8b9b9c451151ac7", "deprecated": false, "signature_version": "v1", "target": { "file": "dgif_lib.c" }, "signature_type": "Line" }, { "digest": { "length": 2358.0, "function_hash": "321314247917705348317388982420617262524" }, "id": "ASB-A-355461643-d958034a", "source": "https://android.googlesource.com/platform/external/giflib/+/a6ede43ad88693f782f3a6c5b8b9b9c451151ac7", "deprecated": false, "signature_version": "v1", "target": { "file": "dgif_lib.c", "function": "DGifSlurp" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/external/giflib/+/a6ede43ad88693f782f3a6c5b8b9b9c451151ac7" ], "spl": "2025-01-01", "severity": "High", "types": [ "RCE" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "145545243029665492469307439066663348100", "247173508309223739576703352666447834488", "204274942837119031254991323911169217908", "137446051655739251263945009831409295757", "55979599926335733727889751349724083980" ] }, "id": "ASB-A-355461643-91b2cee9", "source": "https://android.googlesource.com/platform/external/giflib/+/2cd3a5fbc14d8b42d3bcce1c4cd19b1221f1473b", "deprecated": false, "signature_version": "v1", "target": { "file": "dgif_lib.c" }, "signature_type": "Line" }, { "digest": { "length": 2358.0, "function_hash": "321314247917705348317388982420617262524" }, "id": "ASB-A-355461643-9e15285d", "source": "https://android.googlesource.com/platform/external/giflib/+/2cd3a5fbc14d8b42d3bcce1c4cd19b1221f1473b", "deprecated": false, "signature_version": "v1", "target": { "file": "dgif_lib.c", "function": "DGifSlurp" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/external/giflib/+/2cd3a5fbc14d8b42d3bcce1c4cd19b1221f1473b" ], "spl": "2025-01-01", "severity": "High", "types": [ "RCE" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "145545243029665492469307439066663348100", "247173508309223739576703352666447834488", "204274942837119031254991323911169217908", "137446051655739251263945009831409295757", "55979599926335733727889751349724083980" ] }, "id": "ASB-A-355461643-13c87b23", "source": "https://android.googlesource.com/platform/external/giflib/+/f3ca2dbb3ea30e70971c116046868009a1e0957a", "deprecated": false, "signature_version": "v1", "target": { "file": "dgif_lib.c" }, "signature_type": "Line" }, { "digest": { "length": 2358.0, "function_hash": "321314247917705348317388982420617262524" }, "id": "ASB-A-355461643-31ca2fd6", "source": "https://android.googlesource.com/platform/external/giflib/+/f3ca2dbb3ea30e70971c116046868009a1e0957a", "deprecated": false, "signature_version": "v1", "target": { "file": "dgif_lib.c", "function": "DGifSlurp" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/external/giflib/+/f3ca2dbb3ea30e70971c116046868009a1e0957a" ], "spl": "2025-01-01", "severity": "High", "types": [ "RCE" ] }