GHSA-4696-g7jj-xg2h

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-4696-g7jj-xg2h/GHSA-4696-g7jj-xg2h.json
Aliases
  • CVE-2022-38216
Published
2022-08-17T00:00:33Z
Modified
2022-11-24T01:56:56.894107Z
Details

An integer overflow exists in Mapbox's closed-source gl-native library prior to version 10.6.1, which is bundled with multiple Mapbox products, including open-source libraries. The overflow is triggered by large image height and width values when creating a new Image, and it allows out-of-bounds writes, potentially crashing the Mapbox process.

Affected packages

Maven / com.mapbox.mapboxsdk:mapbox-android-core

com.mapbox.mapboxsdk:mapbox-android-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
10.6.1

Affected versions

0.*

0.1.0
0.1.1
0.2.0
0.2.0-beta.1
0.2.0-beta.2
0.2.0-beta.3
0.2.0-beta.4
0.2.1

1.*

1.0.0
1.1.0
1.2.0
1.3.0
1.4.0
1.4.1
1.4.2
1.4.3

2.*

2.0.0
2.0.1

3.*

3.0.0
3.1.0
3.1.1
3.2.0

4.*

4.0.0