Integer Overflow Vulnerability in Mapbox's gl-native Library

Integer Overflow Vulnerability in Mapbox's gl-native Library

CVE-2022-38216 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

An integer overflow exists in Mapbox's closed source gl-native library prior to version 10.6.1, which is bundled with multiple Mapbox products including open source libraries. The overflow is caused by large image height and width values when creating a new Image and allows for out of bounds writes, potentially crashing the Mapbox process.

Learn more about our Open Source Audit.