First published: Mon Jan 06 2025
In DGifSlurp of dgif_lib.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Credit: security@android.com
Affected Software | Affected Version | How to fix |
---|---|---|
Android | | |
CVE-2024-49749 is rated as critical due to its potential for remote code execution.
To resolve CVE-2024-49749, ensure that you update your Android device to the latest security patch from Google.
CVE-2024-49749 could be exploited for remote code execution without requiring user interaction.
CVE-2024-49749 affects specific versions of Android operating systems that utilize the DGifSlurp function in dgif_lib.c.
No, user interaction is not needed for the exploitation of CVE-2024-49749.