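In DGifSlurp of dgif_lib.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Each JSON record below names one fix commit, the security patch level ("spl") that includes it, and the Vanir line-level and function-level signatures derived from that commit for detecting code that is still missing the patch.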
{ "fixes": [ "https://android.googlesource.com/platform/external/giflib/+/a6ede43ad88693f782f3a6c5b8b9b9c451151ac7" ], "severity": "High", "types": [ "RCE" ], "spl": "2025-01-01", "vanir_signatures": [ { "target": { "file": "dgif_lib.c" }, "id": "ASB-A-355461643-2fc1c16d", "deprecated": false, "digest": { "threshold": 0.9, "line_hashes": [ "145545243029665492469307439066663348100", "247173508309223739576703352666447834488", "204274942837119031254991323911169217908", "137446051655739251263945009831409295757", "55979599926335733727889751349724083980" ] }, "source": "https://android.googlesource.com/platform/external/giflib/+/a6ede43ad88693f782f3a6c5b8b9b9c451151ac7", "signature_type": "Line", "signature_version": "v1" }, { "target": { "file": "dgif_lib.c", "function": "DGifSlurp" }, "id": "ASB-A-355461643-d958034a", "deprecated": false, "digest": { "function_hash": "321314247917705348317388982420617262524", "length": 2358.0 }, "source": "https://android.googlesource.com/platform/external/giflib/+/a6ede43ad88693f782f3a6c5b8b9b9c451151ac7", "signature_type": "Function", "signature_version": "v1" } ] }
{ "fixes": [ "https://android.googlesource.com/platform/external/giflib/+/2cd3a5fbc14d8b42d3bcce1c4cd19b1221f1473b" ], "severity": "High", "types": [ "RCE" ], "spl": "2025-01-01", "vanir_signatures": [ { "target": { "file": "dgif_lib.c" }, "id": "ASB-A-355461643-91b2cee9", "deprecated": false, "digest": { "threshold": 0.9, "line_hashes": [ "145545243029665492469307439066663348100", "247173508309223739576703352666447834488", "204274942837119031254991323911169217908", "137446051655739251263945009831409295757", "55979599926335733727889751349724083980" ] }, "source": "https://android.googlesource.com/platform/external/giflib/+/2cd3a5fbc14d8b42d3bcce1c4cd19b1221f1473b", "signature_type": "Line", "signature_version": "v1" }, { "target": { "file": "dgif_lib.c", "function": "DGifSlurp" }, "id": "ASB-A-355461643-9e15285d", "deprecated": false, "digest": { "function_hash": "321314247917705348317388982420617262524", "length": 2358.0 }, "source": "https://android.googlesource.com/platform/external/giflib/+/2cd3a5fbc14d8b42d3bcce1c4cd19b1221f1473b", "signature_type": "Function", "signature_version": "v1" } ] }
{ "fixes": [ "https://android.googlesource.com/platform/external/giflib/+/f3ca2dbb3ea30e70971c116046868009a1e0957a" ], "severity": "High", "types": [ "RCE" ], "spl": "2025-01-01", "vanir_signatures": [ { "target": { "file": "dgif_lib.c" }, "id": "ASB-A-355461643-13c87b23", "deprecated": false, "digest": { "threshold": 0.9, "line_hashes": [ "145545243029665492469307439066663348100", "247173508309223739576703352666447834488", "204274942837119031254991323911169217908", "137446051655739251263945009831409295757", "55979599926335733727889751349724083980" ] }, "source": "https://android.googlesource.com/platform/external/giflib/+/f3ca2dbb3ea30e70971c116046868009a1e0957a", "signature_type": "Line", "signature_version": "v1" }, { "target": { "file": "dgif_lib.c", "function": "DGifSlurp" }, "id": "ASB-A-355461643-31ca2fd6", "deprecated": false, "digest": { "function_hash": "321314247917705348317388982420617262524", "length": 2358.0 }, "source": "https://android.googlesource.com/platform/external/giflib/+/f3ca2dbb3ea30e70971c116046868009a1e0957a", "signature_type": "Function", "signature_version": "v1" } ] }