Published: 2019/09/12  Last Updated: 2019/10/16

Information from LINE Corporation

Vulnerability ID:JVN#39383894
Title:apng-drawable vulnerable to integer overflow

This is a statement from the vendor itself with no modification by JPCERT/CC.

apng-drawable contains an integer overflow vulnerability.

- An integer overflow occurs when a specially crafted image is displayed using apng-drawable.
- This may causes the application to crash and it can also cause arbitrary code execution.
- An attack vector and impact vary depending on how the library is used.

The fix for this vulnerability is here

Release notes

LINE(Android version) was affected by this vulnerability.

This vulnerability was discovered within LINE Corporation.
The technical details by the discoverer is posted below

update history