Integer overflow in the Bitmap_createFromParcel function in core/jni/android/graphics/Bitmap.cpp in Android before 5.1.1 LMY48I allows attackers to cause a denial of service (system_server crash) or obtain sensitive system_server memory-content information via a crafted application that leverages improper unmarshalling of bitmaps, aka internal bug 19666945.
Vector
NETWORK
Complexity
LOW
Authentication
NONE
Confidentiality
PARTIAL
Integrity
NONE
Availability
COMPLETE
| Advisory | Patch | Confirmed | Link |
|---|---|---|---|
| [android-security-updates] 20150812 Nexus Security Bulle... | |||
| https://android.googlesource.com/platform/frameworks/bas... |