Flutter security advisories

Mariam Hasnany

Dec 16, 2024, 3:07:44 PM
to flutter-...@googlegroups.com

The Flutter team recently received security research reports that found some vulnerabilities in Flutter-owned code (thank you to Oskar Zeino-Mahmalat from sonarsource and Yudai Fujiwara and Seiya Nakata of Ricerca Security).


We’ve spent the last week or so fixing the issues reported; please see below for more detail on each.


Recommended action: update package versions to 0.8.12+18 of image_picker, 0.5.1+12 of file_selector, and 2.3.4 of shared_preferences, and update to Flutter 3.27 stable.


Issue #1: missing sanitization checks for file_selector_android and image_picker_android packages

Reported by:

Oskar Zeino-Mahmalat from sonarsource


Security advisories:

https://github.com/flutter/packages/security/advisories/GHSA-r465-vhm9-7r5h 

https://github.com/flutter/packages/security/advisories/GHSA-98v2-f47x-89xw 


PRs: 

https://github.com/flutter/packages/pull/8184

https://github.com/flutter/packages/pull/8188


Issue #2: Deserialization leads to ad hoc code execution for shared_preferences_android

Reported by:

Oskar Zeino-Mahmalat from sonarsource


Security advisory:

https://github.com/flutter/packages/security/advisories/GHSA-3hpf-ff72-j67p 


PR:

https://github.com/flutter/packages/pull/8187


Issue #3: Malformed APNG images could cause out-of-bounds memory writes

Reported by:

Yudai Fujiwara and Seiya Nakata of Ricerca Security


Security advisory:

Previously the Flutter Engine did not have correct bounds checking during APNG decoding. A malformed APNG image could have caused the Flutter Engine to crash. If several other protections were also thwarted (ASLR, stack protection, etc.), a malicious APNG image could have potentially led to execution of untrusted code by way of the out-of-bounds writes.


Severity: Medium 4.3/10


PRs:

https://github.com/flutter/engine/pull/56928

https://github.com/flutter/engine/pull/57025


Fixes will be in 3.27 stable.




We also want to remind the community that security vulnerability reports are welcome, and we appreciate those who take the time to review our code and let us know where it can be more secure. If you, or someone you know, has a vulnerability and wants to report it, please follow the instructions at https://docs.flutter.dev/security
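To act on the recommended versions above, a project's resolved dependencies can be checked against them. The following is an added example, not code from this post or from the Flutter project: it reads `pubspec.lock` text and reports packages locked below the fixed versions, ordering versions the way pub does (a `+N` build suffix counts). It assumes the quoted version numbers apply to the `_android` implementation packages named in Issues #1 and #2; the function names and the sample lockfile are constructed for illustration.

```python
import re
# Fixed versions quoted in the announcement. Assumption: they apply to the
# Android implementation packages named in Issues #1 and #2.
FIXED = {"image_picker_android": "0.8.12+18",
         "file_selector_android": "0.5.1+12",
         "shared_preferences_android": "2.3.4"}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-([\w.-]+))?(?:\+([\w.-]+))?")

def _ids(text):
    # Dotted identifiers: numeric ones compare as ints and sort before text.
    return [(0, int(p), "") if p.isdigit() else (1, 0, p) for p in text.split(".")]

def version_key(v):
    """Sort key in pub's order: core, then pre-release, then build suffix."""
    if not (m := VERSION_RE.fullmatch(v)):
        raise ValueError(f"unparseable version: {v!r}")
    core = tuple(int(x) for x in m.group(1, 2, 3))
    pre = (0, _ids(m.group(4))) if m.group(4) else (1, [])    # 1.0.0-dev < 1.0.0
    build = (1, _ids(m.group(5))) if m.group(5) else (0, [])  # 1.0.0 < 1.0.0+1
    return core, pre, build

def locked_versions(lock_text):
    """Extract {package: version} from pubspec.lock text (no YAML library)."""
    found, current = {}, None
    for line in lock_text.splitlines():
        if m := re.fullmatch(r"  ([A-Za-z0-9_]+):\s*", line):
            current = m.group(1)
        elif current and (m := re.fullmatch(r'    version: "?([^"\s]+)"?\s*', line)):
            found[current] = m.group(1)
    return found

def audit(lock_text):
    """Return {package: (locked, fixed)} for packages locked below the fix."""
    locked = locked_versions(lock_text)
    return {name: (locked[name], fixed) for name, fixed in FIXED.items()
            if name in locked and version_key(locked[name]) < version_key(fixed)}

# Constructed lockfile excerpt (real files carry more keys per package).
SAMPLE_LOCK = """packages:
  file_selector_android:
    version: "0.5.1+11"
  image_picker_android:
    version: "0.8.12+18"
  shared_preferences_android:
    version: "2.3.3"
"""

if __name__ == "__main__":
    print(audit(SAMPLE_LOCK))
```

Packages absent from the lockfile are not reported, so an empty result means no listed package is locked below its fixed version, not that the app uses those plugins.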


