GSA_kwCzR0hTQS14NTM0LWo0OXgtbXF2as4AAiQt

High EPSS: 0.6987% (0.98593 Percentile) EPSS:

Permalink JSON

android-gif-drawable Double Free vulnerability

Affected Packages	Affected Versions	Fixed Versions
maven:pl.droidsonroids.gif:android-gif-drawable	< 1.2.18	1.2.18
35 Dependent packages 2,327 Dependent repositories Affected Version Ranges All affected versions 1.0.6, 1.0.7, 1.0.8, 1.0.9, 1.0.10, 1.0.11, 1.0.12, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.1.8, 1.1.9, 1.1.10, 1.1.11, 1.1.12, 1.1.13, 1.1.14, 1.1.15, 1.1.16, 1.1.17, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.2.10, 1.2.11, 1.2.12, 1.2.13, 1.2.14, 1.2.15, 1.2.16, 1.2.17 All unaffected versions 1.2.18, 1.2.19, 1.2.20, 1.2.21, 1.2.22, 1.2.23, 1.2.24, 1.2.25, 1.2.26, 1.2.27, 1.2.28, 1.2.29

A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as used in WhatsApp for Android before version 2.19.244 and many other Android applications, allows remote attackers to execute arbitrary code or cause a denial of service when the library is used to parse a specially crafted GIF image.

References:

Identifiers

GHSA-x534-j49x-mqvj

CVE-2019-11932

Risk

Severity

High

EPSS

EPSS Percentage: 0.6987

EPSS Percentile: 0.98593

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/koral--/android-gif-drawable

Date and time

Published

over 3 years ago

Updated

10 months ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories