Heap-based Buffer Overflow in GIF Library for Google Android SDK
CVE-2008-0985

Currently unrated

Key Information:

Vendor: Google
Status: Android Sdk
Vendor: CVE Published:; 6 March 2008

Summary

A buffer overflow vulnerability exists within the GIF library used in the Android SDK, prior to version m3-rc37a. Attackers can exploit this issue by crafting a malicious GIF file whose reported dimensions differ from its actual dimensions, leading to potential remote code execution. This can compromise the integrity of affected Android applications, making it critical for developers to apply the necessary updates and safeguards to mitigate risk.

References

http://securityreason.com/securityalert/3727

third-party-advisoryx_refsource_SREASON

https://exchange.xforce.ibmcloud.com/vulnerabilities/40998

vdb-entryx_refsource_XF

http://www.coresecurity.com/?action=item&id=2148

x_refsource_MISC

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 6, 2008
Vulnerability Reserved
Feb 26, 2008