About the PNG vulnerability in Android – Information Security Stack Exchange

The file may be specially designed to trigger the malicious code when the user opens it (viewed locally) on its device (locally or through a received link).

The vulnerability associated with the PNG bug can be traced as CVE-2019-1986, CVE-2019-1987, CVE-2019-1988.

CVE-2019-1986 – Uninitialized errors in SkPngCodec

CVE-2019-1987 – heap buffer overflow

CVE-2019-1988 – Error decoding JCS_RGB JPEG files