Primary

Context

image_picker Android Filename Sanitization Vulnerability Allowing Cache File Overwrite

Vulnerability

A vulnerability exists in the image_picker Android package, specifically in versions 0.8.5+6 through 0.8.12+17. The issue arises because the filenames generated by the image_picker are not properly sanitized, creating a risk when interacting with malicious document providers. This lack of sanitization may enable a user with a harmful document provider to select an image file that could overwrite internal files in the app's cache.

Impact

Exploitation of this vulnerability could lead to unauthorized modification of internal cache files within the app.

Remediation

Users are advised to update to version 0.8.12+18 or later of the image_picker_android package, which includes the necessary fixes for this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

3.0

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

3.0

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

image_picker Android Filename Sanitization Vulnerability Allowing Cache File Overwrite

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating