CVE-2016-2414

MEDIUM

Android Minikin Library < 5.0.2, 5.1.1, 2016-04-01 - Denial of Service via Crafted Font

Title source: llm
STIX 2.1

Description

The Minikin library in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider negative size values in font data, which allows remote attackers to cause a denial of service (memory corruption and reboot loop) via a crafted font, aka internal bug 26413177.

Scores

CVSS v3 6.2
EPSS 0.0040
EPSS Percentile 32.5%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-20
Status published
Products (6)
google/android 5.0
google/android 5.0.1
google/android 5.1
google/android 5.1.0
google/android 6.0
google/android 6.0.1
Published Apr 18, 2016
Tracked Since Feb 18, 2026