CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-43767: In prepare_to_draw_into_mask of SkBlurMaskFilterImpl.cpp, there is a possible heap overflow due to improper input validation. This could lead to...

Description

In prepare_to_draw_into_mask of SkBlurMaskFilterImpl.cpp, there is a possible heap overflow due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Classification

CVE ID: CVE-2024-43767

Affected Products

Vendor: Google

Product: Android

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.48% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://android.googlesource.com/platform/external/skia/+/796c2040f641bb287dba66c9823ce45e9f8b5807
https://source.android.com/security/bulletin/2024-12-01

Timeline

2025-01-04 00:30:16 UTC
CVE

In prepare_to_draw_into_mask of SkBlurMaskFilterImpl.cpp, there is a possible heap overflow due to improper input validation. This could lead to...