Android Libwebp Integer Overflow Vulnerability in DGifSlurp Function Leading to Out-of-Bounds Write and Potential Remote Code Execution

Vulnerability

A vulnerability has been identified in the DGifSlurp function of the libwebp library, specifically within the dgif_lib.c file. This issue arises from an integer overflow, which creates a possible out-of-bounds write. Such a vulnerability could be exploited to execute remote code without requiring additional execution privileges. Notably, user interaction is not necessary for exploitation.

Impact

Exploitation of this vulnerability could result in remote code execution on the affected system.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.6

remediation

0.0

relevance

0.0

threat

0.1

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.6

remediation

0.0

relevance

0.0

threat

0.1

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Android Libwebp Integer Overflow Vulnerability in DGifSlurp Function Leading to Out-of-Bounds Write and Potential Remote Code Execution

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating