CVE-2022-38216
Summary
Descriptions
An integer overflow exists in Mapbox's closed source gl-native library prior to version 10.6.1, which is bundled with multiple Mapbox products including open source libraries. The overflow is caused by large image height and width values when creating a new Image and allows for out of bounds writes, potentially crashing the Mapbox process.
Se presenta un desbordamiento de enteros en la biblioteca de código cerrado gl-native de Mapbox versiones anteriores a 10.6.1, que es incluida con varios productos de Mapbox, incluyendo las bibliotecas de código abierto. El desbordamiento es causado por grandes valores de altura y anchura de la imagen cuando es creada una nueva imagen y permite escrituras fuera de límites, lo que potencialmente puede bloquear el proceso de Mapbox.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-08-12 CVE Reserved
- 2022-08-16 CVE Published
- 2024-08-03 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-190: Integer Overflow or Wraparound
CAPEC
Threat Intelligence Resources (0)
| Select | Title | Date |
|---|
Select an advisory to view details here.
| Select | Title | Date |
|---|
Select an exploit to view details here.
References (1)
| URL | Tag | Source |
|---|---|---|
| https://github.com/mapbox/mapbox-maps-android/releases/tag/android-v10.6.1 | Release Notes |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mapbox Search vendor "Mapbox" | Maps Software Development Kit Search vendor "Mapbox" for product "Maps Software Development Kit" | < 10.6.1 Search vendor "Mapbox" for product "Maps Software Development Kit" and version " < 10.6.1" | android |
Affected
| ||||||