VYPR

Minikin

by Google

CVEs (3)

  • CVE-2016-2414MedApr 18, 2016
    risk 0.40cvss 6.2epss 0.00

    The Minikin library in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider negative size values in font data, which allows remote attackers to cause a denial of service (memory corruption and reboot loop) via a crafted font, aka…

  • CVE-2016-0808MedFeb 7, 2016
    risk 0.40cvss 6.2epss 0.00

    Integer overflow in the getCoverageFormat12 function in CmapCoverage.cpp in the Minikin library in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 allows attackers to cause a denial of service (continuous rebooting) via an application that triggers loading of a crafted…

  • CVE-2023-21339Oct 30, 2023
    risk 0.00cvss epss 0.00

    In Minikin, there is a possible way to trigger ANR by showing a malicious message due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.