A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as used in WhatsApp for Android before version 2.19.244 and many other Android applications, allows remote malicious users to execute arbitrary code or cause a denial of service when the library is used to parse a specially crafted GIF image.
Vendor | Product | Versions |
---|---|---|
2.9.243, 2.11.544, 2.11.561, 2.12.14, 2.12.30, 2.12.48, 2.12.50, 2.12.250, 2.12.304, 2.12.331, 2.12.367, 2.12.453, 2.12.556, 2.16.95, 2.16.207, 2.16.225, 2.16.275, 2.16.306, 2.16.310, 2.16.323, 2.16.352, 2.16.382, 2.16.392, 2.16.396, 2.17.24, 2.17.79, 2.17.107, 2.17.146, 2.17.190, 2.17.223, 2.17.254, 2.17.296, 2.17.323, 2.17.351, 2.17.395, 2.17.427, 2.18.28, 2.18.29, 2.18.30, 2.18.32, 2.18.36, 2.18.37, 2.18.38, 2.18.105, 2.18.132, 2.18.248, 2.18.293, 2.18.306, 2.18.327, 2.18.341, 2.18.361, 2.18.373, 2.18.380, 2.19.4, 2.19.5, 2.19.6, 2.19.7, 2.19.8, 2.19.9, 2.19.14, 2.19.17, 2.19.18, 2.19.19, 2.19.24, 2.19.25, 2.19.27, 2.19.28, 2.19.29, 2.19.31, 2.19.33, 2.19.34, 2.19.35, 2.19.39, 2.19.42, 2.19.45, 2.19.46, 2.19.48, 2.19.50, 2.19.51, 2.19.52, 2.19.54, 2.19.55, 2.19.56, 2.19.57, 2.19.59, 2.19.61, 2.19.63, 2.19.65, 2.19.67, 2.19.69, 2.19.71, 2.19.73, 2.19.74, 2.19.75, 2.19.78, 2.19.79, 2.19.80, 2.19.81, 2.19.82, 2.19.83, 2.19.86, 2.19.87, 2.19.89, 2.19.92, 2.19.93, 2.19.95, 2.19.97, 2.19.98, 2.19.99, 2.19.102, 2.19.103, 2.19.106, 2.19.108, 2.19.110, 2.19.113, 2.19.115, 2.19.116, 2.19.118, 2.19.119, 2.19.120, 2.19.123, 2.19.126, 2.19.127, 2.19.128, 2.19.129, 2.19.130, 2.19.131, 2.19.133, 2.19.134, 2.19.136, 2.19.138, 2.19.139, 2.19.142, 2.19.143, 2.19.144, 2.19.145, 2.19.147, 2.19.148, 2.19.150, 2.19.152, 2.19.154, 2.19.155, 2.19.156, 2.19.157, 2.19.158, 2.19.159, 2.19.160, 2.19.163, 2.19.164, 2.19.165, 2.19.166, 2.19.167, 2.19.168, 2.19.169, 2.19.170, 2.19.171, 2.19.172, 2.19.174, 2.19.175, 2.19.176, 2.19.177, 2.19.178, 2.19.179, 2.19.184, 2.19.185, 2.19.186, 2.19.187, 2.19.189, 2.19.191, 2.19.192, 2.19.194, 2.19.195, 2.19.196, 2.19.203, 2.19.216, 2.19.230 |
Plus, NSA's Ghidra found to contain faulty code
Roundup: Here's the latest security news in handy digest form of stories you may have missed over the last week.
Reg reader Tony writes in to tell us of an interesting security bug that arises when running NordVPN in tandem with the Cloudflare 1.1.1.1 WARP service in iOS. The end result is a connection that looks to be protected by NordVPN, but in reality it is completely exposed.
Here's how it works:
The user first connects to 1.1.1.1 with Warp, then disables the app without tu...
A security researcher has identified a flaw in the popular WhatsApp messaging platform on Android devices, which could allow attackers to launch privilege elevation and remote code execution (RCE) attacks on victims.
Exploiting the flaw, described in a Wednesday post on GitHub by a Singapore-based “technologist and an information security enthusiast” called Awakened, is a rather complicated affair. An attack involves a bad actor sending a malicious GIF file to a victim via “any ...