PT-2022-24291 · Mapbox · Mapbox Gl-Native

Published

2022-08-16

Updated

2022-08-17

CVE-2022-38216

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Mapbox gl-native library versions prior to 10.6.1

Description An integer overflow issue exists due to large image height and width values when creating a new Image, allowing for out of bounds writes and potentially crashing the process.

Recommendations For versions prior to 10.6.1, update to version 10.6.1 or later to resolve the issue. As a temporary workaround, consider validating and limiting image height and width values to prevent the overflow.

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

CVE-2022-38216

GHSA-4696-G7JJ-XG2H

Affected Products

Mapbox Gl-Native

PT-2022-24291 · Mapbox · Mapbox Gl-Native

CVE-2022-38216

Weakness Enumeration

Related Identifiers

Affected Products

References · 6