{"id":"CVE-2022-23435","details":"decoding.c in android-gif-drawable before 1.2.24 does not limit the maximum length of a comment, leading to denial of service.","aliases":["GHSA-3mm4-w7v6-4rhv"],"modified":"2026-04-11T22:13:38.348675Z","published":"2022-01-19T01:15:09.747Z","references":[{"type":"FIX","url":"https://github.com/koral--/android-gif-drawable/commit/9f0f0c89e6fa38548163771feeb4bde84b828887"},{"type":"FIX","url":"https://github.com/koral--/android-gif-drawable/compare/v1.2.23...v1.2.24"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/koral--/android-gif-drawable","events":[{"introduced":"0"},{"fixed":"fd4d76a167cf4129897d130b3fccaa1aa223895b"},{"fixed":"9f0f0c89e6fa38548163771feeb4bde84b828887"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.2.24"}]}}],"versions":["v1.0.0","v1.0.1","v1.0.10","v1.0.11","v1.0.12","v1.0.2","v1.0.3","v1.0.4","v1.0.5","v1.0.6","v1.0.7","v1.1.0","v1.1.1","v1.1.10","v1.1.11","v1.1.12","v1.1.13","v1.1.14","v1.1.15","v1.1.16","v1.1.17","v1.1.2","v1.1.3","v1.1.4","v1.1.5","v1.1.6","v1.1.7","v1.1.8","v1.1.9","v1.2.0","v1.2.1","v1.2.10","v1.2.17","v1.2.19","v1.2.2","v1.2.20","v1.2.21","v1.2.22","v1.2.23","v1.2.4","v1.2.5","v1.2.6"],"database_specific":{"vanir_signatures_modified":"2026-04-11T22:13:38Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23435.json","vanir_signatures":[{"digest":{"line_hashes":["129823501033511240129047824089354369775","316193249013358743226091813887949898530","60714204790306486470492009225635403660","52123304688088156956192345558888218494","46038213712840512898127352381227602308","252014771493387578434026301065289782225","22236143923408314898103502069118509635","211131470429896384312664607067992137494","280558655947406488351717893498674248663","76245982527847464765038419948934828597"],"threshold":0.9},"signature_type":"Line","target":{"file":"android-gif-drawable/src/main/c/decoding.c"},"source":"https://github.com/koral--/android-gif-drawable/commit/9f0f0c89e6fa38548163771feeb4bde84b828887","signature_version":"v1","id":"CVE-2022-23435-157ada6e","deprecated":false},{"digest":{"length":481,"function_hash":"48138415240480838434146030969822863130"},"signature_type":"Function","target":{"file":"android-gif-drawable/src/main/c/decoding.c","function":"getComment"},"source":"https://github.com/koral--/android-gif-drawable/commit/9f0f0c89e6fa38548163771feeb4bde84b828887","signature_version":"v1","id":"CVE-2022-23435-8e144436","deprecated":false}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}