Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP file with a header containing a negative offset field.
Software | From | Fixed in |
---|---|---|
google / android_sdk | - | m3-rc37a.x |
google / android_sdk | m5-rc14 | m5-rc14.x |