CVE-2024-54462

Published: Jan 29, 2025

Modified: Feb 12, 2025

PUBLISHED

Description

The file names constructed within image_picker are missing sanitization checks leaving them vulnerable to malicious document providers. This may result in cases where a user with a malicious document provider installed can select an image file from that provider while using your app and could potentially override internal files in your app cache. Issue patched in 0.8.12+18. It is recommended to update to the latest version of image_picker_android that contains the changes to address this vulnerability.

Vendor	Product	Versions
Flutter	image_picker_android	affected `0.8.5+6 - <= 0.8.12+17`

Weaknesses (CWE)

CWE-23

References

https://github.com/flutter/packages/security/advisories/GHSA-98v2-f47x-89xw

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-54462

Description

Affected Products

Weaknesses (CWE)

References