Line
by Linecorp
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-4850 | | Hig | 0.53 | 8.1 | 0.02 | | Apr 20, 2017 | LINE for Windows before 4.8.3 allows man-in-the-middle attackers to execute arbitrary code. |
| CVE-2016-4831 | | Hig | 0.51 | 7.8 | 0.00 | | Jul 12, 2016 | Untrusted search path vulnerability in LINE and LINE Installer 4.7.0 and earlier on Windows allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. |
| CVE-2021-36214 | | Med | 0.40 | 6.1 | 0.01 | | Jul 13, 2021 | LINE client for iOS before 10.16.3 allows cross site script with specific header in WebView. |
| CVE-2016-1156 | | Med | 0.37 | 5.7 | 0.01 | | Feb 19, 2016 | LINE 4.3.0.724 and earlier on Windows and 4.3.1 and earlier on OS X allows remote authenticated users to cause a denial of service (application crash) via a crafted post that is mishandled when displaying a Timeline. |
| CVE-2025-14023 | | | 0.00 | — | 0.00 | | Dec 15, 2025 | LINE client for iOS prior to 15.19 allows UI spoofing due to inconsistencies between the navigation state and the in-app browser's user interface, which could create confusion about the trust context of displayed pages or interactive elements under specific conditions. |
| CVE-2025-14021 | | | 0.00 | — | 0.00 | | Dec 15, 2025 | The in-app browser in LINE client for iOS versions prior to 14.14 is vulnerable to address bar spoofing, which could allow attackers to execute malicious JavaScript within iframes while displaying trusted URLs, enabling phishing attacks through overlaid malicious content. |
| CVE-2025-14020 | | | 0.00 | — | 0.00 | | Dec 15, 2025 | LINE client for Android versions prior to 14.20 contains a UI spoofing vulnerability in the in-app browser where the full-screen security Toast notification is not properly re-displayed when users return from another application, potentially allowing attackers to conduct… |
| CVE-2025-14019 | | | 0.00 | — | 0.00 | | Dec 15, 2025 | LINE client for Android versions from 13.8 to 15.5 is vulnerable to UI spoofing in the in-app browser where a specific layout could obscure the full-screen warning prompt, potentially allowing attackers to conduct phishing attacks. |
| CVE-2023-45559 | | | 0.00 | — | 0.01 | | Jan 3, 2024 | An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. |
| CVE-2023-39733 | | | 0.00 | — | 0.01 | | Oct 24, 2023 | The leakage of the client secret in TonTon-Tei Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. |
| CVE-2023-39040 | | | 0.00 | — | 0.00 | | Sep 18, 2023 | An information leak in Cheese Cafe Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
| CVE-2023-31818 | | | 0.00 | — | 0.01 | | Jul 11, 2023 | An issue found in Marukyu Line v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function. |
| CVE-2013-7144 | | | 0.00 | — | 0.01 | | Aug 16, 2014 | LINE 3.2.1.83 and earlier on Windows and 3.2.1 and earlier on OS X does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |