CVE-2016-0808

Name of the Vulnerable Software and Affected Versions Android versions prior to 5.1.1 LMY49G Android 6.x versions prior to 2016-02-01

Description The issue is caused by an integer overflow in the getCoverageFormat12 function in CmapCoverage.cpp of the Minikin library in Android. This can be exploited by a local attacker to cause a denial of service, resulting in continuous rebooting, by loading a specially crafted TTF font via an application.

Recommendations For Android versions prior to 5.1.1 LMY49G, update to version 5.1.1 LMY49G or later. For Android 6.x versions prior to 2016-02-01, update to a version released after 2016-02-01. As a temporary workaround, consider restricting the loading of TTF fonts from untrusted sources to minimize the risk of exploitation.