PT-2025-3026 · Unknown · Image Picker Android +1

Oskar-Zeinomahmalat-Sonarsource · Published 2025-01-29 · Updated 2025-01-29 · CVE-2024-54462

CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions: image picker versions prior to 0.8.12+18; image picker android versions prior to 0.8.12+18

Description: The file names constructed within image picker are missing sanitization checks, leaving them vulnerable to malicious document providers. This may result in cases where a user with a malicious document provider installed can select an image file from that provider while using the app and could potentially override internal files in the app cache.

Recommendations: For image picker versions prior to 0.8.12+18, update to the latest version of image picker android that contains the changes to address this issue. For image picker android versions prior to 0.8.12+18, update to version 0.8.12+18 or later to resolve the vulnerability.
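The missing check the description refers to, shown as an added illustration that is not taken from image picker's code: a hypothetical helper contrasts the unsafe pattern (trusting a provider-supplied display name as a path) with a version that keeps only the last path segment and verifies the resulting file stays inside the cache directory. Class and method names and the sample display name are assumptions.

```java
import java.io.File;
import java.io.IOException;

public final class CacheFileNames {

    // Unsafe pattern described in the advisory (hypothetical reconstruction):
    // the display name reported by a document provider is used as-is, so a
    // name such as "../../x" resolves outside the intended cache directory.
    static File unsafeCacheFile(File cacheDir, String displayName) {
        return new File(cacheDir, displayName);
    }

    // Hardened: reduce the name to a single path segment and reject traversal tokens.
    static String sanitizeDisplayName(String displayName) {
        if (displayName == null) {
            return "image";
        }
        String name = displayName.replace('\\', '/');
        name = name.substring(name.lastIndexOf('/') + 1);  // last segment only
        if (name.isEmpty() || name.equals(".") || name.equals("..")) {
            return "image";
        }
        return name;
    }

    // Defence in depth: after sanitizing, confirm the canonical path is still under cacheDir.
    static File safeCacheFile(File cacheDir, String displayName) throws IOException {
        File target = new File(cacheDir, sanitizeDisplayName(displayName));
        String root = cacheDir.getCanonicalPath() + File.separator;
        if (!target.getCanonicalPath().startsWith(root)) {
            throw new IOException("refusing path outside cache dir: " + target);
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a display name as a malicious provider might report it.
        File cacheDir = new File(System.getProperty("java.io.tmpdir"), "app_cache");
        String hostile = "../../shared_prefs/settings.xml";
        System.out.println("unsafe: " + unsafeCacheFile(cacheDir, hostile).getCanonicalPath());
        System.out.println("safe:   " + safeCacheFile(cacheDir, hostile).getCanonicalPath());
    }
}
```

Running it shows the unsafe path climbing out of app_cache while the safe path stays at app_cache/settings.xml; the canonical-path check is what catches any segment the sanitizer might miss.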

Weakness Enumeration

Path traversal
Relative Path Traversal

Related Identifiers

CVE-2024-54462
GHSA-98V2-F47X-89XW

Affected Products

Image Picker
Image Picker Android