CVE-2016-0808

MEDIUM

Android <5.1.1 LMY49G & <6.x - DoS

Title source: llm

Description

Integer overflow in the getCoverageFormat12 function in CmapCoverage.cpp in the Minikin library in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 allows attackers to cause a denial of service (continuous rebooting) via an application that triggers loading of a crafted TTF font, aka internal bug 25645298.

References (2)

[Patch] https://android.googlesource.com/platform/frameworks/minikin/+/ed4c8d79153baab7f26562afb8930652dfbf853b

[Vendor Advisory] http://source.android.com/security/bulletin/2016-02-01.html

Scores

CVSS v3 6.2

EPSS 0.0002

EPSS Percentile 4.0%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-19

Status draft

Affected Products (8)

google/android

Timeline

Published Feb 07, 2016

Tracked Since Feb 18, 2026