Published: 2019/09/19  Last Updated: 2019/10/17

JVN#97845465
Multiple integer overflow vulnerabilities in LINE(Android)

Overview

LINE(Android) contains multiple integer overflow vulnerabilities.

Products Affected

  • LINE(Android) versions 4.4.0 and later, prior to 9.15.1

Description

LINE(Android) provided by LINE Corporation contains multiple integer overflow vulnerabilities (CWE-190) listed below.

  • Integer overflow vulnerability in processing images using apng-drawable - CVE-2019-6007
    CVSS v3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Base Score: 5.3
    CVSS v2 AV:N/AC:M/Au:N/C:P/I:P/A:P Base Score: 6.8
  • Integer overflow vulnerability in processing images - CVE-2019-6010
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Base Score: 6.3
    CVSS v2 AV:N/AC:M/Au:N/C:P/I:P/A:P Base Score: 6.8

Impact

If a user reads a specially crafted image in LINE(Android), the application may crash, or a remote attacker may be able to execute arbitrary code.

Solution

Update the Software
Update the software to the latest version according to the information provided by the developer.
The developer states that the updated version also contains fixes for several bugs and issues, and therefore recommends that users apply the update.

Vendor Status

Vendor            Status      Last Update  Vendor Notes
LINE Corporation  Vulnerable  2019/10/16

Credit

LINE Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and LINE Corporation coordinated under the Information Security Early Warning Partnership.

Other Information

CVE: CVE-2019-6007, CVE-2019-6010
JVN iPedia: JVNDB-2019-000060

Update History

2019/10/17
Updated the status of LINE Corporation