Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0986

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-0986
Last Modified 05 Sep 2008 05:36:30
Published 05 Mar 2008 07:44:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-0986

Summary

Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP file with a header containing a negative offset field.

Vulnerable Systems

Application

  • Google Android Sdk M3-rc37a

  • Google Android Sdk M5-rc14


References

BID - 28006

BUGTRAQ - 20080304 CORE-2008-0124: Multiple vulnerabilities in Google's Android SDK

MISC - http://www.coresecurity.com/?action=item&id=2148

CONFIRM - http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html

XF - androidsdk-bmpreadfromstream-int-overflow(40999)

SREASON - 3727


Last Updated: 27 May 2016 10:46:58