CVE-2024-49749

8.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on affected systems without user interaction by exploiting an integer overflow in the GIF processing library. It affects Android devices and potentially other systems using the vulnerable GIF library. Successful exploitation could lead to complete system compromise.

💻 Affected Systems

Products:
  • Android
Versions: Android builds with a security patch level earlier than January 2025
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems processing GIF images through the vulnerable library component.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to full system compromise, data theft, and persistent backdoor installation.

🟠 Likely Case: Application crash leading to denial of service, with potential for code execution in targeted attacks.

🟢 If Mitigated: Application crash with no code execution if memory protections are enabled.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires sending a specially crafted GIF image to trigger the integer overflow.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: January 2025 Android security patch level

Vendor Advisory: https://source.android.com/security/bulletin/2025-01-01

Restart Required: No

Instructions:

1. Apply the January 2025 Android security patch.
2. Update affected applications that use the vulnerable GIF library.
3. Reboot the device if prompted.

🔧 Temporary Workarounds

Disable GIF processing (applies to: all)

Prevent applications from processing GIF images where possible.

🧯 If You Can't Patch

  • Implement network filtering to block GIF images at perimeter
  • Use application sandboxing to limit impact of potential exploitation

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone > Android version

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify that the reported security patch level is January 2025 (2025-01-01) or later.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing GIF files
  • Memory access violation errors in system logs

Network Indicators:

  • Unusual GIF file transfers to applications
  • Multiple failed GIF processing attempts

SIEM Query:

source="android_logs" AND ("GIF" OR "dgif_lib" OR "DGifSlurp") AND ("crash" OR "segfault" OR "access violation")
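An added example, not part of the advisory, that applies the same indicators as the SIEM query above to logcat-style output: it groups each "Fatal signal" line with the DEBUG backtrace frames that follow it and flags crashes whose backtrace touches the GIF decoder. The log lines, process names and library paths are constructed for illustration.

```python
import re

# Constructed logcat-style lines (not a real capture): two native crashes,
# only the first of which is inside the GIF decoder.
SAMPLE_LOGCAT = """\
01-05 10:12:01.100  1200  1200 I ActivityManager: Start proc 3100:com.example.viewer
01-05 10:12:02.400  3100  3100 F libc    : Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0 in tid 3100 (com.example.viewer)
01-05 10:12:02.700  3150  3150 F DEBUG   : #00 pc 0001a2b4  /system/lib64/libgif.so (DGifSlurp+148)
01-05 10:12:02.701  3150  3150 F DEBUG   : #01 pc 0001b0c0  /system/lib64/libgif.so (DGifGetLine+64)
01-05 10:12:02.702  3150  3150 F DEBUG   : #02 pc 0004ff00  /system/lib64/libimage.so (decodeImage+200)
01-05 10:13:05.000  3200  3200 F libc    : Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x8 in tid 3200 (com.example.other)
01-05 10:13:05.100  3250  3250 F DEBUG   : #00 pc 00001234  /system/lib64/libc.so (strlen+20)
01-05 10:13:05.101  3250  3250 F DEBUG   : #01 pc 00056780  /system/lib64/libutils.so (String8::setTo+44)
"""

FATAL_RE = re.compile(r"Fatal signal (\d+) \((SIG\w+)\).*?in tid (\d+) \((.+?)\)")
FRAME_RE = re.compile(r"F DEBUG\s*: #(\d+) pc [0-9a-f]+\s+(\S+) \((\w+)")
# Indicators mirroring the SIEM query terms (giflib symbols and library names), matched case-insensitively.
GIF_INDICATORS = ("dgif", "gif_lib", "libgif")


def parse_crashes(text):
    """Group each 'Fatal signal' line with the DEBUG backtrace frames that follow it."""
    crashes = []
    for line in text.splitlines():
        m = FATAL_RE.search(line)
        if m:
            crashes.append({"signal": m.group(2), "tid": int(m.group(3)),
                            "process": m.group(4), "frames": []})
            continue
        f = FRAME_RE.search(line)
        if f and crashes:
            crashes[-1]["frames"].append((f.group(2), f.group(3)))  # (object, symbol)
    return crashes


def flag_gif_crashes(crashes):
    """Return the crashes whose backtrace contains a GIF-decoder frame, with the first matching frame."""
    hits = []
    for c in crashes:
        for obj, sym in c["frames"]:
            blob = f"{obj} {sym}".lower()
            if any(ind in blob for ind in GIF_INDICATORS):
                hits.append({**c, "matched_frame": (obj, sym)})
                break
    return hits


if __name__ == "__main__":
    for hit in flag_gif_crashes(parse_crashes(SAMPLE_LOGCAT)):
        print(f"{hit['signal']} in {hit['process']} (tid {hit['tid']}) at {hit['matched_frame']}")
```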
