CVE-2008-0986

2008-03-06 01:44:00 2018-10-16 00:04:08

Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP file with a header containing a negative offset field.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Google Android sdk M5-rc14 (not an official CPE) Google Android sdk M3-rc37a (not an official CPE)

Google - Android sdk

Advisory	Patch	Confirmed	Link
			androidsdk-bmpreadfromstream-int-overflow(40999)
			28006
			http://www.coresecurity.com/?action=item&id=2148
			http://android-developers.blogspot.com/2008/03/android-s...
			20080304 CORE-2008-0124: Multiple vulnerabilities in Goo...
			3727

CVE-2008-0986

2008-03-06 01:44:00 2018-10-16 00:04:08

Vector

Complexity

Authentication

Confidentiality

Integrity

Availability

Numeric Errors (ID 189)