CVE-2024-54462
Published: 29 January 2025
Description
The file names constructed within image_picker are missing sanitization checks, leaving them vulnerable to malicious document providers. This may result in cases where a user with a malicious document provider installed can select an image file from that provider while using your app and could potentially override internal files in your app cache. Issue patched in 0.8.12+18. It is recommended to update to the latest version of image_picker_android that contains the changes to address this vulnerability.
Security Summary
CVE-2024-54462 is a vulnerability in the image_picker package, specifically the image_picker_android component used in Flutter applications. The issue stems from missing sanitization checks on file names constructed within image_picker, making them susceptible to manipulation by malicious document providers. This flaw, classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) and CWE-23 (Relative Path Traversal), carries a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H), indicating high impact on integrity and availability.
An attacker can exploit this vulnerability by tricking a user into installing a malicious document provider on an Android device. Once installed, the user must interact with the vulnerable app by selecting an image file via the image_picker functionality from the attacker's provider. This allows the attacker to craft malicious file names that override internal files in the app's cache directory, potentially disrupting app functionality or enabling further compromise through cache poisoning.
The GitHub security advisory (GHSA-98v2-f47x-89xw) confirms the issue was patched in image_picker_android version 0.8.12+18. Developers are advised to update to the latest version of image_picker_android incorporating these fixes to mitigate the vulnerability.
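The missing check described above (CWE-22/CWE-23), shown as an added Java example that is not the image_picker_android source or its patch: a provider-supplied display name used directly as a path, next to a version that sanitizes it and confirms the result stays in the cache directory. The class name, method names and sample display names are hypothetical and constructed for illustration.

```java
import java.io.File;
import java.io.IOException;
import java.util.UUID;

// Added illustration; names are hypothetical, not image_picker_android code.
public class CacheNameCheck {

    // Unsafe pattern: the provider-supplied display name is used as a path as-is.
    static File unsafeTarget(File cacheDir, String displayName) {
        return new File(cacheDir, displayName);
    }

    // Hardened pattern: keep only the last path component, replace empty or
    // dot-only names, then verify the canonical result stays under cacheDir.
    static File safeTarget(File cacheDir, String displayName) throws IOException {
        String name = displayName == null ? "" : displayName.replace('\\', '/');
        name = name.substring(name.lastIndexOf('/') + 1);
        if (name.isEmpty() || name.equals(".") || name.equals("..")) {
            name = UUID.randomUUID().toString();
        }
        File base = cacheDir.getCanonicalFile();
        File target = new File(base, name).getCanonicalFile();
        if (!target.getPath().startsWith(base.getPath() + File.separator)) {
            throw new IOException("File name escapes cache directory: " + displayName);
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        File cacheDir = new File(System.getProperty("java.io.tmpdir"), "demo_cache");
        // Constructed display names, as a document provider could report them.
        String[] names = {"photo.jpg", "../other_dir/state.bin", "..", null};
        for (String n : names) {
            if (n != null) {
                System.out.println(n + " -> unsafe: "
                        + unsafeTarget(cacheDir, n).getCanonicalPath());
            }
            System.out.println(n + " -> safe:   " + safeTarget(cacheDir, n).getPath());
        }
    }
}
```

The containment check on the canonical path is the backstop: it still rejects a name that slips past the component stripping, for example through a symlink inside the cache directory.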
Details
- CWE(s)