Cyber Resilience

CVE-2024-49749

Severity: High
Published: 21 January 2025
Modified: 22 April 2025
KEV Added: not listed
Patch: see the Android security bulletin referenced below
CVSS v3.1 Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0269 (86.2nd percentile)
Risk Priority: 19 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-49749 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Google Android. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks in the top 13.8% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).

Deeper analysis

The vulnerability is an out-of-bounds write caused by an integer overflow in the DGifSlurp function in dgif_lib.c. It affects the GIF image parsing component referenced in the Android security bulletin for January 2025 and is classified as CWE-787 (Out-of-bounds Write). The flaw carries a CVSS 3.1 base score of 8.8.

Remote attackers can trigger the issue over a network connection to achieve arbitrary code execution. No additional execution privileges or user interaction are required for successful exploitation.

The referenced Android security bulletin provides the official advisory and patch information for affected builds.

The EPSS score for this CVE rose from a low baseline to a peak of 0.0509 on 2026-03-07 before receding to the current value of 0.0269, indicating a period of increased exploitation interest after disclosure.

Vulnerability details

In DGifSlurp of dgif_lib.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CWE(s): CWE-787 Out-of-bounds Write

Related Threats

MITRE ATT&CK Enterprise Techniques

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.

T1204.003 User Execution: Malicious Image (tactic: Execution)
Adversaries may rely on a user running a malicious image to facilitate execution.
Why these techniques?

An out-of-bounds write in the GIF processing library directly enables client-side remote code execution via a crafted malicious image file that requires user interaction to open.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-0122 (same product: Google Android)
CVE-2025-36897 (same product: Google Android)
CVE-2024-53842 (same product: Google Android)
CVE-2026-0120 (same product: Google Android)
CVE-2024-49745 (same product: Google Android)
CVE-2024-53837 (same product: Google Android)
CVE-2024-53838 (same product: Google Android)
CVE-2026-0124 (same product: Google Android)
CVE-2026-0113 (same product: Google Android)
CVE-2025-36937 (same product: Google Android)

Affected Assets

Vendor: Google
Product: Android
Affected versions: 12.0, 12.1, 13.0, 14.0, 15.0

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)
Mandates identification, reporting, and timely remediation of software flaws such as the integer overflow in DGifSlurp, directly preventing exploitation by applying the patches from the Android security bulletin.

SI-16 Memory Protection (prevent)
Implements memory protections such as address space layout randomization and non-executable memory to mitigate remote code execution resulting from the out-of-bounds write.

SI-10 Information Input Validation (prevent)
Requires validation of untrusted GIF inputs to detect and reject malformed data that could trigger the integer overflow and out-of-bounds write in the library.