CVE-2023-29723 in Glitter Unicorn Wallpaper App
Summary
by MITRE • 06/02/2023
The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opened. By injecting data, the attacker can force the application to load malicious image URLs and display them in the UI. As the amount of data increases, it will eventually cause the application to trigger an OOM error and crash, resulting in a persistent denial of service attack.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 12/13/2025
The vulnerability identified as CVE-2023-29723 represents a critical security flaw in the Glitter Unicorn Wallpaper Android application affecting versions 7.0 through 8.0. This issue stems from improper input validation and insufficient database access controls within the application's permission system. The flaw allows malicious third-party applications to exploit the app's data insertion mechanisms, creating a dangerous vector for unauthorized data manipulation. The vulnerability specifically targets the application's preference database management system where user configuration data is stored and subsequently loaded into memory during application execution. This represents a classic case of insufficient access control as defined by CWE-284, where unauthorized entities can manipulate application data structures.
The technical implementation of this vulnerability involves the exploitation of Android's permission model through which malicious applications can request and obtain elevated database insertion privileges. When unauthorized applications successfully insert data into the preference database, they can inject malicious image URLs that will be automatically loaded and displayed within the application's user interface. This injection mechanism bypasses normal application security controls and creates a persistent threat vector. The database insertion occurs through legitimate permission pathways that should only be accessible to the application itself, but due to inadequate validation, malicious actors can leverage these legitimate interfaces for harmful purposes. The flaw essentially creates a backdoor through which attackers can modify application behavior without requiring direct code execution privileges.
The operational impact of this vulnerability manifests as a persistent denial of service condition that can be maintained indefinitely through repeated data injection attacks. As malicious data accumulates within the preference database, the application's memory consumption gradually increases until it reaches critical thresholds. This memory exhaustion eventually triggers Out Of Memory errors that cause the application to crash and become unresponsive. The sustained nature of this attack means that users cannot simply restart the application to resolve the issue, as the malicious data persists in the database and continues to cause memory exhaustion upon each application launch. This type of attack aligns with the attack pattern described in MITRE ATT&CK framework under T1499.004 for network denial of service and represents a sophisticated form of resource exhaustion attack that targets application memory management rather than network bandwidth.
The vulnerability's exploitation requires minimal technical expertise and can be accomplished through standard Android application development practices, making it particularly dangerous for widespread impact. Attackers can craft malicious applications that request appropriate permissions and then systematically insert malicious data entries that will cause the target application to fail. The persistence of the attack means that even after the initial injection occurs, the malicious state continues to affect application functionality until the database is manually cleared or the application is uninstalled and reinstalled. This vulnerability also demonstrates poor input sanitization practices and inadequate database transaction controls that should be implemented to prevent unauthorized modifications to application-critical data structures. Organizations should implement proper database access controls and input validation mechanisms to prevent similar vulnerabilities from being exploited in other applications. The attack vector specifically targets the application's preference loading mechanism and memory management architecture, making it particularly effective at disrupting user experience and application availability.