CVE-2023-29725

Name of the Vulnerable Software and Affected Versions BT21 x BTS Wallpaper app version 12 for Android

Description The issue allows unauthorized applications to request permission to insert data into the database that records user personal preferences. This data is loaded into memory when the application is opened. By injecting data, an attacker can force the application to load malicious image URLs and display them in the UI. As the amount of data increases, it will cause the application to trigger an OOM error and crash, resulting in a persistent denial of service attack.

Recommendations For BT21 x BTS Wallpaper app version 12, consider restricting access to the database that records user personal preferences to prevent unauthorized data injection until a patch is available. As a temporary workaround, avoid using the application with unauthorized permissions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.