Google Android Sdk vulnerabilities

CVE-2011-1001 [MEDIUM] CWE-20 CVE-2011-1001: dexdump in Android SDK before 2.3 does not properly perform structural verification, which allows us dexdump in Android SDK before 2.3 does not properly perform structural verification, which allows user-assisted remote attackers to cause a denial of service (dexdump crash) and possibly execute arbitrary code via a malformed APK or dex file that calls a method using more arguments than the number of register that have been declared for that method.

CVE-2008-0986 [HIGH] CWE-189 CVE-2008-0986: Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3 Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP file with a header containing a negative offset field.

CVE-2008-0985 [MEDIUM] CWE-119 CVE-2008-0985: Heap-based buffer overflow in the GIF library in the WebKit framework for Google Android SDK m3-rc37 Heap-based buffer overflow in the GIF library in the WebKit framework for Google Android SDK m3-rc37a and earlier allows remote attackers to execute arbitrary code via a crafted GIF file whose logical screen height and width are different than the actual height and width.