CVE-2024-49749
Published: 21 January 2025
Summary
CVE-2024-49749 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Google Android. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE is ranked in the top 14.0% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Mandates identification, reporting, and timely remediation of software flaws like the integer overflow in DGifSlurp, directly preventing exploitation through patches from the Android security bulletin.
Implements memory protection such as address space randomization and non-executable memory to mitigate remote code execution resulting from the out-of-bounds write.
Requires validation of untrusted GIF inputs to detect and reject malformed data that could trigger the integer overflow and out-of-bounds write in the library.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Out-of-bounds write in GIF processing library directly enables client-side RCE via a crafted malicious image file requiring user interaction.
NVD Description
In DGifSlurp of dgif_lib.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Deeper analysis
CVE-2024-49749 is an out-of-bounds write vulnerability stemming from an integer overflow in the DGifSlurp function within dgif_lib.c, a component of the GIF image processing library. This flaw affects Android systems, as detailed in the January 2025 Android security bulletin. The issue carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and is associated with CWE-787 (Out-of-bounds Write), potentially enabling remote code execution without requiring additional execution privileges.
A remote attacker could exploit this vulnerability by supplying a specially crafted GIF file, leading to remote code execution when the file is processed. Exploitation requires no privileges (PR:N) and is low complexity (AC:L) over the network (AV:N). The CVSS vector indicates that user interaction is required (UI:R), whereas the NVD description states that user interaction is not needed. Successful exploitation has high impact on confidentiality, integrity, and availability (C:H/I:H/A:H), with the security scope unchanged (S:U).
The Android security bulletin at https://source.android.com/security/bulletin/2025-01-01 provides details on patches for affected Android versions, recommending users apply the January 2025 security update to mitigate the vulnerability.
Details
- CWE(s)