Raph Levien

Researcher from Google
#42737 of 53,633
6.2 Total CVSS
Vulnerabilities · 1
PT-2016-1508
6.2
2016-02-07
Google · Android · CVE-2016-0808
**Name of the Vulnerable Software and Affected Versions**

Android versions prior to 5.1.1 LMY49G
Android 6.x versions prior to 2016-02-01

**Description**

The issue is caused by an integer overflow in the `getCoverageFormat12` function in `CmapCoverage.cpp` of the Minikin library in Android. This can be exploited by a local attacker to cause a denial of service, resulting in continuous rebooting, by loading a specially crafted TTF font via an application.

**Recommendations**

For Android versions prior to 5.1.1 LMY49G, update to version 5.1.1 LMY49G or later.
For Android 6.x versions prior to 2016-02-01, update to a version released after 2016-02-01.
As a temporary workaround, consider restricting the loading of TTF fonts from untrusted sources to minimize the risk of exploitation.