Information from LINE Corporation
Vulnerability ID: JVN#39383894
Title: apng-drawable vulnerable to integer overflow
Status: Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
apng-drawable contains an integer overflow vulnerability.
- An integer overflow occurs when a specially crafted image is displayed using apng-drawable.
- This may cause the application to crash, and it can also lead to arbitrary code execution.
- The attack vector and impact vary depending on how the library is used.
The fix for this vulnerability is here:
- https://github.com/line/apng-drawable/pull/57
Release notes:
- https://github.com/line/apng-drawable/releases/tag/v1.7.0
LINE (Android version) was affected by this vulnerability.
- https://jvn.jp/en/jp/JVN97845465/index.html
This vulnerability was discovered within LINE Corporation.
Technical details from the discoverer are posted below:
- https://engineering.linecorp.com/ja/blog/intern-report-line-client/