CVE-2022-38216

Integer Overflow or Wraparound in maven/com.mapbox.mapboxsdk/mapbox-android-core

Identifiers

GHSA-4696-g7jj-xg2h, CVE-2022-38216

Package Slug

maven/com.mapbox.mapboxsdk/mapbox-android-core

Vulnerability

Integer Overflow or Wraparound

Description

An integer overflow exists in Mapbox's closed source gl-native library prior to version 10.6.1, which is bundled with multiple Mapbox products including open source libraries. The overflow is caused by large image height and width values when creating a new Image and allows for out-of-bounds writes, potentially crashing the Mapbox process.

Affected Versions

All versions before 10.6.1

Solution

Upgrade to version 10.6.1 or above.

Last Modified

2022-11-22

source