Tencent · Libpag · CVE-2024-34408
**Name of the Vulnerable Software and Affected Versions**
Tencent libpag versions prior to 4.3.52
**Description**
The issue is related to an integer overflow in the `checkEndOfFile()` function of `DecodeStream.cpp`, which can be triggered by a crafted PAG file.
**Recommendations**
For versions prior to 4.3.52, update libpag to the latest patched version.
As a temporary workaround, consider restricting the use of crafted PAG files until a patch is available.