High severityNVD Advisory· Published Aug 16, 2022· Updated Aug 3, 2024
CVE-2022-38216
CVE-2022-38216
Description
An integer overflow exists in Mapbox's closed source gl-native library prior to version 10.6.1, which is bundled with multiple Mapbox products including open source libraries. The overflow is caused by large image height and width values when creating a new Image and allows for out of bounds writes, potentially crashing the Mapbox process.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.mapbox.mapboxsdk:mapbox-android-coreMaven | < 10.6.1 | 10.6.1 |
Affected products
2Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-4696-g7jj-xg2hghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-38216ghsaADVISORY
- github.com/mapbox/mapbox-maps-android/releases/tag/android-v10.6.1ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.