A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as used in WhatsApp for Android before version 2.19.244 and many other Android applications, allows remote malicious users to execute arbitrary code or cause a denial of service when the library is used to parse a specially crafted GIF image.
Vulnerable Product |
---|
whatsapp whatsapp |
android-gif-drawable project android-gif-drawable |
Plus, NSA's Ghidra found to contain faulty code
Roundup: Here's the latest security news in handy digest form of stories you may have missed over the last week. Reg reader Tony H writes in to tell us of an interesting security bug that arises when running NordVPN in tandem with the Cloudflare 1.1.1.1 WARP service in iOS. The end result is a connection that looks to be protected by NordVPN, but in reality it is completely exposed. Here's how it works: The user first connects to 1.1.1.1 with Warp, then disables the app without turning off Warp. ...