{"id":"ASB-A-344620577","details":"In filterMask of SkEmbossMaskFilter.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-344620577","CVE-2024-43091"],"modified":"2026-05-22T15:55:21.353668239Z","published":"2024-11-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2024-11-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/external/skia/+/0b628a960e74197ace9831ef0727f5ba7ab6ac10"}],"affected":[{"package":{"name":"platform/external/skia","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15-next:0"},{"fixed":"15-next:2024-11-01"}]}],"versions":["15-next"],"ecosystem_specific":{"severity":"High","spl":"2024-11-01","types":["RCE"],"fixes":["https://android.googlesource.com/platform/external/skia/+/2a0d0e41459aee6d9ea63c283dd3cc9e7eae98b9"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-344620577.json"}},{"package":{"name":"platform/external/skia","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2024-11-01"}]}],"versions":["12"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/external/skia/+/2bc38734eec777bf2574d4b38a7fd4fc05f0ecde"],"types":["RCE"],"spl":"2024-11-01","vanir_signatures":[{"digest":{"length":1221,"function_hash":"78732347906451052210981180607239984425"},"source":"https://android.googlesource.com/platform/external/skia/+/2bc38734eec777bf2574d4b38a7fd4fc05f0ecde","target":{"function":"SkEmbossMaskFilter::filterMask","file":"src/effects/SkEmbossMaskFilter.cpp"},"signature_version":"v1","signature_type":"Function","id":"ASB-A-344620577-0ecc6a6f","deprecated":false},{"digest":{"threshold":0.9,"line_hashes":["14494157935654513123308854464673911178","279325823399751052267469359811888250878","228380023518619776170140081687866249952","29867092873288618937979868586134351355","187021280865865157676648648159678703114","71096585475333243374566264465524252053","210406745084159479596954240817223713018","328622235589218379446054112867661556427"]},"deprecated":false,"target":{"file":"src/effects/SkEmbossMaskFilter.cpp"},"signature_version":"v1","source":"https://android.googlesource.com/platform/external/skia/+/2bc38734eec777bf2574d4b38a7fd4fc05f0ecde","signature_type":"Line","id":"ASB-A-344620577-aa83942e"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-344620577.json"}},{"package":{"name":"platform/external/skia","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2024-11-01"}]}],"versions":["12L"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/external/skia/+/8853c9af96c42caab7c11968b70e4ac33400ca4e"],"types":["RCE"],"spl":"2024-11-01","vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["14494157935654513123308854464673911178","279325823399751052267469359811888250878","228380023518619776170140081687866249952","29867092873288618937979868586134351355","187021280865865157676648648159678703114","71096585475333243374566264465524252053","210406745084159479596954240817223713018","328622235589218379446054112867661556427"]},"source":"https://android.googlesource.com/platform/external/skia/+/8853c9af96c42caab7c11968b70e4ac33400ca4e","target":{"file":"src/effects/SkEmbossMaskFilter.cpp"},"signature_version":"v1","signature_type":"Line","id":"ASB-A-344620577-17bbf723","deprecated":false},{"digest":{"length":1221,"function_hash":"78732347906451052210981180607239984425"},"deprecated":false,"signature_type":"Function","signature_version":"v1","target":{"file":"src/effects/SkEmbossMaskFilter.cpp","function":"SkEmbossMaskFilter::filterMask"},"source":"https://android.googlesource.com/platform/external/skia/+/8853c9af96c42caab7c11968b70e4ac33400ca4e","id":"ASB-A-344620577-f098378c"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-344620577.json"}},{"package":{"name":"platform/external/skia","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15:0"},{"fixed":"15:2024-11-01"}]}],"versions":["15"],"ecosystem_specific":{"severity":"High","types":["RCE"],"spl":"2024-11-01","fixes":["https://android.googlesource.com/platform/external/skia/+/e36fda1a1a145ca8d708a32c26981ca9251a4f9d"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-344620577.json"}},{"package":{"name":"platform/external/skia","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2024-11-01"}]}],"versions":["13"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"digest":{"length":1221,"function_hash":"78732347906451052210981180607239984425"},"source":"https://android.googlesource.com/platform/external/skia/+/5b1a9d43467d0361837c98cf89429a3dc5cc3ee4","target":{"file":"src/effects/SkEmbossMaskFilter.cpp","function":"SkEmbossMaskFilter::filterMask"},"signature_version":"v1","signature_type":"Function","id":"ASB-A-344620577-cfc20187","deprecated":false},{"id":"ASB-A-344620577-fb8eb931","source":"https://android.googlesource.com/platform/external/skia/+/5b1a9d43467d0361837c98cf89429a3dc5cc3ee4","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["14494157935654513123308854464673911178","279325823399751052267469359811888250878","228380023518619776170140081687866249952","29867092873288618937979868586134351355","187021280865865157676648648159678703114","71096585475333243374566264465524252053","210406745084159479596954240817223713018","328622235589218379446054112867661556427"]},"deprecated":false,"target":{"file":"src/effects/SkEmbossMaskFilter.cpp"}}],"types":["RCE"],"spl":"2024-11-01","fixes":["https://android.googlesource.com/platform/external/skia/+/5b1a9d43467d0361837c98cf89429a3dc5cc3ee4"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-344620577.json"}},{"package":{"name":"platform/external/skia","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2024-11-01"}]}],"versions":["14"],"ecosystem_specific":{"severity":"High","spl":"2024-11-01","fixes":["https://android.googlesource.com/platform/external/skia/+/4e7ee44ba37517b04682b0877283a1b4795e0690"],"types":["RCE"],"vanir_signatures":[{"digest":{"length":1221,"function_hash":"78732347906451052210981180607239984425"},"source":"https://android.googlesource.com/platform/external/skia/+/4e7ee44ba37517b04682b0877283a1b4795e0690","signature_type":"Function","signature_version":"v1","id":"ASB-A-344620577-74b74e7f","target":{"function":"SkEmbossMaskFilter::filterMask","file":"src/effects/SkEmbossMaskFilter.cpp"},"deprecated":false},{"digest":{"threshold":0.9,"line_hashes":["14494157935654513123308854464673911178","279325823399751052267469359811888250878","228380023518619776170140081687866249952","29867092873288618937979868586134351355","187021280865865157676648648159678703114","71096585475333243374566264465524252053","210406745084159479596954240817223713018","328622235589218379446054112867661556427"]},"deprecated":false,"target":{"file":"src/effects/SkEmbossMaskFilter.cpp"},"signature_version":"v1","source":"https://android.googlesource.com/platform/external/skia/+/4e7ee44ba37517b04682b0877283a1b4795e0690","signature_type":"Line","id":"ASB-A-344620577-fee5d19d"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-344620577.json"}}],"schema_version":"1.7.5"}