ID CVE-2008-0986
Summary Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP file with a header containing a negative offset field.
References
Vulnerable Configurations
  • cpe:2.3:a:google:android_sdk:*:*:*:*:*:*:*:*
    cpe:2.3:a:google:android_sdk:*:*:*:*:*:*:*:*
  • cpe:2.3:a:google:android_sdk:m5-rc14:*:*:*:*:*:*:*
    cpe:2.3:a:google:android_sdk:m5-rc14:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 15-10-2018 - 22:04)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 28006
bugtraq 20080304 CORE-2008-0124: Multiple vulnerabilities in Google's Android SDK
confirm http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html
misc http://www.coresecurity.com/?action=item&id=2148
sreason 3727
xf androidsdk-bmpreadfromstream-int-overflow(40999)
Last major update 15-10-2018 - 22:04
Published 06-03-2008 - 00:44
Last modified 15-10-2018 - 22:04
Back to Top