CVE-2016-0808

Published: Feb 7, 2016Modified: May 6, 2026

6.2

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.5 / Impact: 3.6

Source: NVD

Description

Integer overflow in the getCoverageFormat12 function in CmapCoverage.cpp in the Minikin library in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 allows attackers to cause a denial of service (continuous rebooting) via an application that triggers loading of a crafted TTF font, aka internal bug 25645298.

Affected (8)

Products: Google: Android

Google

1 product

Android

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Google Android	Version 5.0.1
Google Android	Version 5.0.2
Google Android	Version 5.0
Google Android	Version 5.1.0
Google Android	Version 5.1.1
Google Android	Version 5.1
Google Android	Version 6.0.1
Google Android	Version 6.0

Related CWEs

CWE-19

References (4)

http://source.android.com/security/bulletin/2016-02-01.html

Source: security@android.com

Vendor Advisory

https://android.googlesource.com/platform/frameworks/minikin/+/ed4c8d79153baab7f26562afb8930652dfbf853b

Source: security@android.com

http://source.android.com/security/bulletin/2016-02-01.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://android.googlesource.com/platform/frameworks/minikin/+/ed4c8d79153baab7f26562afb8930652dfbf853b

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.