CVE-2024-43767

Name of the Vulnerable Software and Affected Versions Skia (affected versions not specified)

Description The issue is related to a possible heap overflow due to improper input validation in the prepare to draw into mask function of SkBlurMaskFilterImpl.cpp. This could lead to remote code execution with no additional execution privileges needed. User interaction is not required for exploitation. The vulnerability is caused by a zero width/height bounds condition, which leads to mask->computeImageSize() returning zero, and subsequently, SkMask::AllocImage(0) is called without a size check, resulting in mask->fImage becoming a nullptr or invalid pointer.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.