CVE-2024-49749
Published: 21 January 2025
Summary
CVE-2024-49749 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Google Android. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks in the top 13.8% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).
Deeper analysis
The vulnerability is an out-of-bounds write caused by an integer overflow in the DGifSlurp function within dgif_lib.c. This affects the GIF image parsing component referenced in the Android security bulletin for January 2025 and is tracked under CWE-787. The flaw carries a CVSS 3.1 score of 8.8.
Remote attackers can trigger the issue over a network connection to achieve arbitrary code execution. No additional execution privileges or user interaction are required for successful exploitation.
The referenced Android security bulletin provides the official advisory and patch information for affected builds.
The EPSS score for this CVE rose from a low baseline to a peak of 0.0509 on 2026-03-07 before receding to its current value of 0.0269, indicating a period of increased exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-43650
Vulnerability details
In DGifSlurp of dgif_lib.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
An out-of-bounds write in the GIF processing library directly enables client-side RCE via a crafted malicious image file requiring user interaction.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
SI-2 (Flaw Remediation): Mandates identification, reporting, and timely remediation of software flaws such as the integer overflow in DGifSlurp, directly preventing exploitation through the patches published in the Android security bulletin.
SI-16 (Memory Protection): Implements memory protections such as address space layout randomization and non-executable memory to limit the impact of remote code execution resulting from the out-of-bounds write.
SI-10 (Information Input Validation): Requires validation of untrusted GIF inputs so that malformed data capable of triggering the integer overflow and the out-of-bounds write in the library is detected and rejected before it is processed.
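As an added illustration of the input-validation control above (not code from giflib, Android, or this advisory), the following C function checks a GIF Image Descriptor against the Logical Screen and a memory budget before any raster buffer is sized; the function name, result codes and size cap are assumptions, and the descriptor bytes in the usage are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <limits.h>

/* Result codes for validating one GIF Image Descriptor (hypothetical API). */
enum gif_check { GIF_OK = 0, GIF_BAD_SEPARATOR, GIF_EMPTY, GIF_OUT_OF_SCREEN, GIF_TOO_LARGE };

/* Little-endian 16-bit field, as used for all dimensions in the GIF format. */
static uint32_t le16(const uint8_t *p) { return (uint32_t)p[0] | ((uint32_t)p[1] << 8); }

/*
 * Validate a 10-byte Image Descriptor (0x2C, left, top, width, height, flags)
 * before a raster buffer is allocated for it. All arithmetic is carried out in
 * uint64_t, so the 16-bit fields cannot wrap the way an unchecked width * height
 * product stored in a 32-bit int can (65535 * 65535 exceeds INT_MAX). On success
 * *raster_bytes receives width * height, the raster size at one byte per pixel.
 */
enum gif_check gif_check_image_descriptor(const uint8_t desc[10],
                                          uint32_t screen_w, uint32_t screen_h,
                                          uint64_t max_raster_bytes,
                                          uint64_t *raster_bytes)
{
    if (desc[0] != 0x2C) return GIF_BAD_SEPARATOR;          /* not an image separator */
    uint64_t left = le16(desc + 1), top = le16(desc + 3);
    uint64_t width = le16(desc + 5), height = le16(desc + 7);
    if (width == 0 || height == 0) return GIF_EMPTY;
    /* The sub-image must lie inside the logical screen; 64-bit sums cannot wrap. */
    if (left + width > screen_w || top + height > screen_h) return GIF_OUT_OF_SCREEN;
    uint64_t bytes = width * height;                         /* at most 2^32, no overflow */
    /* Reject rasters that an int-sized length field or the caller's budget cannot hold. */
    if (bytes > (uint64_t)INT_MAX || bytes > max_raster_bytes) return GIF_TOO_LARGE;
    *raster_bytes = bytes;
    return GIF_OK;
}
```

A decoder applying this check allocates the raster from the validated size only, so a descriptor whose dimensions would wrap a narrower counter never reaches the allocation path.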