PT-2024-30292 · Google · Android

Published: 2024-11-01 · Updated: 2024-12-17 · CVE-2024-43091

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Google Android versions 12 through 15

Description

In the filterMask function of SkEmbossMaskFilter.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Recommendations

For Google Android versions 12 through 15, patch immediately to mitigate the risk of remote exploitation. As a temporary workaround, consider restricting access to the filterMask function in SkEmbossMaskFilter.cpp to minimize the risk of exploitation.

Fix

Memory Corruption

Integer Overflow

Weakness Enumeration

Related Identifiers

ASB-A-344620577
CVE-2024-43091

Affected Products

Android