{"id":"ASB-A-278113033","details":"In multiple functions of SkSLFunctionDefinition.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged app with no additional execution privileges needed. User interaction is needed for exploitation.","aliases":["A-278113033","CVE-2023-2136"],"modified":"2026-04-10T16:16:18.068628Z","published":"2023-07-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-07-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/external/skia/+/cfaa1ca1ceec8ec46ffbc89f707d280007a52c83"}],"affected":[{"package":{"name":"platform/external/skia","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2023-07-01"}]}],"versions":["13-next"],"ecosystem_specific":{"types":["RCE"],"fixes":["https://android.googlesource.com/platform/external/skia/+/2f8a7106dff052c157d876753daa29f8a40ed6ce"],"spl":"2023-07-01","severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-278113033.json"}},{"package":{"name":"platform/external/skia","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-07-01"}]}],"versions":["13"],"ecosystem_specific":{"vanir_signatures":[{"id":"ASB-A-278113033-3a11223c","signature_version":"v1","target":{"file":"src/sksl/ir/SkSLFunctionDefinition.cpp"},"signature_type":"Line","digest":{"line_hashes":["274207700767484725968547747813678963344","13896126730715396721886214984214451606","258943448490022102773211310222112885857","134747482136392080401226170617619588066","119809806143601065983089843743427551874","287343538891435898700916639553646746751","283233680792608217232612293847200134596","221909843921218291873639986840426394239","301715844662221594601245308701039713771","75968915912760076757269720201874988594","116556963278985139809598117880345112112","202941620345236366623303770942616678432","150897348644622331959938440174984713892","67242710040724562996797626437555334421","123289302116800510476099392818446980348","23655703535497048509523246587218940626","251258334507664551873057247677275052120","312344524948250349199211577423095193100","236385294153429244001205327627068185308","1990530607438337487947024137020462498"],"threshold":0.9},"deprecated":false,"source":"https://android.googlesource.com/platform/external/skia/+/e3ab186a075a174f44692bf6a31165f30f6b7ded"},{"id":"ASB-A-278113033-db107b16","signature_version":"v1","target":{"function":"FunctionDefinition::Convert","file":"src/sksl/ir/SkSLFunctionDefinition.cpp"},"signature_type":"Function","digest":{"length":5600,"function_hash":"170484982733871855674172424352360805677"},"deprecated":false,"source":"https://android.googlesource.com/platform/external/skia/+/e3ab186a075a174f44692bf6a31165f30f6b7ded"}],"types":["RCE"],"fixes":["https://android.googlesource.com/platform/external/skia/+/e3ab186a075a174f44692bf6a31165f30f6b7ded"],"spl":"2023-07-01","severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-278113033.json"}}],"schema_version":"1.7.5"}