Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-0986

CWE-1894 documents4 sources
Severity
7.5HIGH
EPSS
15.1%
top 5.42%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Google Android SDK
Timeline
PublishedMar 6
Latest updateMay 1

Description

Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP file with a header containing a negative offset field.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDgoogle/android_sdkm3-rc37a+1

🔴Vulnerability Details

2
GHSA
GHSA-534x-p9fh-xpch: Integer overflow in the BMP::readFromStream method in the libsgl2022-05-01
CVEList
CVE-2008-0986: Integer overflow in the BMP::readFromStream method in the libsgl2008-03-06

💥Exploits & PoCs

1
Exploit-DB
Google Android Web Browser - '.BMP' File Integer Overflow2008-03-04
CVE-2008-0986 (HIGH CVSS 7.5) | Integer overflow in the BMP::readFr | cvebase.io