Integer Overflow in Tencent's libpag Affects Portable Animated Graphics Processing
CVE-2024-34408

Currently unrated

Key Information:

Vendor: Tencent
Status: libpag
Vendor: CVE Published:; 3 May 2024

What is CVE-2024-34408?

The libpag library from Tencent, up to version 4.3.51, is susceptible to an integer overflow vulnerability in the DecodeStream::checkEndOfFile() function. This issue arises when processing specially crafted Portable Animated Graphics (PAG) files, potentially leading to unintended behavior or security risks during decoding operations. Developers using this library should review their implementations to ensure robust handling of PAG files to mitigate any risks associated with this vulnerability.

References

https://github.com/Tencent/libpag/issues/2230

https://github.com/Tencent/libpag/pull/2243

Timeline

Vulnerability published
May 3, 2024