Headline
CVE-2022-38216: Release android-v10.6.1 · mapbox/mapbox-maps-android
An integer overflow exists in Mapbox’s closed source gl-native library prior to version 10.6.1, which is bundled with multiple Mapbox products including open source libraries. The overflow is caused by large image height and width values when creating a new Image and allows for out of bounds writes, potentially crashing the Mapbox process.
10.6.1 - July 7, 2022****Bug fixes 🐞
- Fix an issue when literal array expression is used as output inside the match expression. (1444)
- Fix possible crash bug due to image size overflow. (1482)
- Remove android.permission.WAKE_LOCK permission from the SDK. (1482)
Dependencies
- Bump gl-native to v10.6.1. (#1482)
- Bump telemetry to v8.1.4. (#1482)