CVE-2024-49749: Integer Overflow
First published: Mon Jan 06 2025(Updated: )
In DGifSlurp of dgif_lib.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Credit: security@android.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Android | =12.0 | |
| Android | =12.1 | |
| Android | =13.0 | |
| Android | =14.0 | |
| Android | =15.0 | |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-49749?
CVE-2024-49749 is rated as critical due to its potential for remote code execution.
How do I fix CVE-2024-49749?
To resolve CVE-2024-49749, ensure that you update your Android device to the latest security patch from Google.
What kind of exploitation is possible with CVE-2024-49749?
CVE-2024-49749 could be exploited for remote code execution without requiring user interaction.
Which software versions are affected by CVE-2024-49749?
CVE-2024-49749 affects specific versions of Android operating systems that utilize the DGifSlurp function in dgif_lib.c.
Is user interaction required to exploit CVE-2024-49749?
No, user interaction is not needed for the exploitation of CVE-2024-49749.
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/weakness
- agent/severity
- agent/references
- collector/mitre-cve
- source/MITRE
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- collector/epss-latest
- source/FIRST
- agent/source
- agent/epss
- agent/tags
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- vendor/google
- canonical/android
- version/android/12.0
- version/android/12.1
- version/android/13.0
- version/android/14.0
- version/android/15.0