CVE-2008-0986

Name of the Vulnerable Software and Affected Versions Android SDK versions prior to m3-rc37a and m5-rc14

Description The issue is related to an integer overflow in the BMP::readFromStream method within the libsgl.so library. This allows remote attackers to execute arbitrary code by providing a crafted BMP file that contains a header with a negative offset field.

Recommendations For Android SDK versions prior to m3-rc37a and m5-rc14, consider restricting the use of the BMP::readFromStream method until a patch is available. Avoid processing BMP files from untrusted sources to minimize the risk of exploitation.