
CVE-2019-11932: android-gif-drawable Double Free vulnerability

CVSS Score: 8.8 (CVSS version 3.1)

Basic Information

EPSS Score: 0.99052%
Published: 5/24/2022
Updated: 1/13/2025
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Package Name: pl.droidsonroids.gif:android-gif-drawable
Ecosystem: maven
Vulnerable Versions: < 1.2.18
First Patched Version: 1.2.18

Vulnerability Intelligence
Root Cause Analysis

The analysis of the patch and the description of the vulnerability directly implicate the DDGifSlurp function in the double-free issue. The patch modifies this function to correctly handle cases where the new raster size is 0, preventing the double-free vulnerability.
