CVE-2022-23435
Description
decoding.c in android-gif-drawable before 1.2.24 does not limit the maximum length of a comment, leading to denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
android-gif-drawable before 1.2.24 has a denial-of-service vulnerability in comment length handling.
Vulnerability
The decoding.c file in the android-gif-drawable library (versions before 1.2.24) does not enforce a limit on the maximum length of a comment block inside a GIF file. An attacker can craft a GIF containing an excessively long comment, causing the decoder to consume excessive memory or enter a resource-intensive loop, leading to a denial of service. The affected library is used for rendering animated GIFs on Android (API level 17+). [1] [2] [3]
Exploitation
An attacker does not require authentication or special permissions. The attacker supplies a malicious GIF file with an arbitrarily long comment field. When the victim application loads this GIF using android-gif-drawable (e.g., via GifImageView, GifImageButton, or direct GifDrawable usage), the decoder processes the oversized comment without a bound check, causing excessive memory allocation or CPU consumption. [1] [2] [3]
Impact
Successful exploitation results in denial of service. The victim application may become unresponsive or crash due to resource exhaustion. No disclosure of sensitive information or code execution is reported. [2] [3]
Mitigation
Update to version 1.2.24 or later, which fixes the issue by limiting comment length. The fix was included in releases after August 2021, with version 1.2.24 available as of January 2022. Users should upgrade their dependency to the latest stable version (e.g., 1.2.31). No workaround is publicly documented for unpatched versions, and this CVE is not listed on the CISA KEV catalog. [1] [3] [4]
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
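To make the mechanism concrete, here is an added example (not code from android-gif-drawable or from the advisory) that mirrors the patched getComment logic over a constructed GIF comment sub-block chain; the function names and the constructed input are assumptions. A GIF comment extension (0x21 0xFE) is a sequence of data sub-blocks, each a length byte followed by that many bytes, ended by a zero-length block; appending every sub-block with no ceiling lets the buffer grow with the file, while the same 2048-byte ceiling the patch introduces stops it at 2040 bytes of text.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define COMMENT_LENGTH_MAX 2048  /* as in the patch: total bytes incl. NUL */

/* Append one data sub-block (length byte, then that many bytes) to *comment,
 * as the patched getComment does; 1 = appended, 0 = dropped (cap or OOM). */
static int append_sub_block(char **comment, const uint8_t *block, size_t cap) {
    size_t length = block[0];
    size_t offset = *comment != NULL ? strlen(*comment) : 0;
    size_t new_length = length + offset + 1;
    if (new_length > cap) return 0;        /* cap reached: sub-block skipped */
    char *ret = realloc(*comment, new_length);
    if (ret == NULL) return 0;
    memcpy(ret + offset, block + 1, length);
    ret[offset + length] = '\0';
    *comment = ret;
    return 1;
}

/* Walk the sub-block chain after 0x21 0xFE up to the zero-length terminator;
 * stores the assembled comment in *out and returns its length in bytes. */
size_t read_comment(const uint8_t *data, size_t n, size_t cap, char **out) {
    char *comment = NULL;
    size_t pos = 0;
    while (pos < n && data[pos] != 0) {
        if (pos + 1 + data[pos] > n) break; /* truncated file: stop cleanly */
        append_sub_block(&comment, data + pos, cap);
        pos += 1 + data[pos];
    }
    *out = comment;
    return comment != NULL ? strlen(comment) : 0;
}

/* Constructed input: `blocks` full 255-byte sub-blocks of 'A' plus the
 * terminator. Returns how long the decoded comment ends up under `cap`. */
size_t decoded_comment_length(size_t blocks, size_t cap) {
    size_t n = blocks * 256 + 1;
    uint8_t *data = malloc(n);
    if (data == NULL) return 0;
    for (size_t i = 0; i < blocks; i++) {
        data[i * 256] = 255;
        memset(data + i * 256 + 1, 'A', 255);
    }
    data[n - 1] = 0;
    char *comment = NULL;
    size_t len = read_comment(data, n, cap, &comment);
    free(comment);
    free(data);
    return len;
}
```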
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| pl.droidsonroids.gif:android-gif-drawable (Maven) | < 1.2.24 | 1.2.24 |
Affected products
- android-gif-drawable/android-gif-drawable
Patches
- 9f0f0c89e6fa: Limit maximum length of comment
1 file changed · +9 −4
android-gif-drawable/src/main/c/decoding.c+9 −4 modified@@ -1,4 +1,5 @@ #include "gif.h" +#define COMMENT_LENGTH_MAX 2048 static bool updateGCB(GifInfo *info, uint_fast32_t *lastAllocatedGCBIndex) { if (*lastAllocatedGCBIndex < info->gifFilePtr->ImageCount) { @@ -177,12 +178,16 @@ static int readExtensions(int ExtFunction, GifByteType *ExtData, GifInfo *info) } static int getComment(GifByteType *Bytes, GifInfo *info) { - unsigned int len = (unsigned int) Bytes[0]; + unsigned int length = (unsigned int) Bytes[0]; size_t offset = info->comment != NULL ? strlen(info->comment) : 0; - char *ret = reallocarray(info->comment, len + offset + 1, sizeof(char)); + unsigned int newLength = length + offset + 1; + if (newLength > COMMENT_LENGTH_MAX) { + return GIF_OK; + } + char *ret = reallocarray(info->comment, newLength, sizeof(char)); if (ret != NULL) { - memcpy(ret + offset, &Bytes[1], len); - ret[len + offset] = 0; + memcpy(ret + offset, &Bytes[1], length); + ret[length + offset] = 0; info->comment = ret; return GIF_OK; }
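Review bot: the new cap in getComment drops an over-long sub-block silently by returning GIF_OK, so a caller cannot distinguish a complete comment from a truncated one; a short comment next to `#define COMMENT_LENGTH_MAX 2048` stating that the limit counts the NUL terminator (so at most 2047 bytes of text survive) and that later sub-blocks are discarded rather than the whole comment being rejected would make that behaviour explicit. Also, `unsigned int newLength = length + offset + 1;` narrows the size_t `offset` to unsigned int before the comparison; because the stored comment is itself bounded by the cap after this change the narrowing is harmless here, but declaring `newLength` as size_t keeps the comparison faithful to the types involved.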
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-3mm4-w7v6-4rhv (GHSA advisory)
- nvd.nist.gov/vuln/detail/CVE-2022-23435 (advisory)
- github.com/koral--/android-gif-drawable/commit/9f0f0c89e6fa38548163771feeb4bde84b828887 (fix commit)
- github.com/koral--/android-gif-drawable/compare/v1.2.23...v1.2.24 (release comparison)
- github.com/koral--/android-gif-drawable/issues/792 (issue)
News mentions
No linked articles in our index yet.