{"id":"ASB-A-344620577","details":"In filterMask of SkEmbossMaskFilter.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-344620577","CVE-2024-43091"],"modified":"2026-04-03T15:37:31.002635Z","published":"2024-11-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2024-11-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/external/skia/+/0b628a960e74197ace9831ef0727f5ba7ab6ac10"}],"affected":[{"package":{"name":"platform/external/skia","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15-next:0"},{"fixed":"15-next:2024-11-01"}]}],"versions":["15-next"],"ecosystem_specific":{"spl":"2024-11-01","fixes":["https://android.googlesource.com/platform/external/skia/+/2a0d0e41459aee6d9ea63c283dd3cc9e7eae98b9"],"types":["RCE"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-344620577.json"}},{"package":{"name":"platform/external/skia","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2024-11-01"}]}],"versions":["12"],"ecosystem_specific":{"spl":"2024-11-01","fixes":["https://android.googlesource.com/platform/external/skia/+/2bc38734eec777bf2574d4b38a7fd4fc05f0ecde"],"types":["RCE"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/external/skia/+/2bc38734eec777bf2574d4b38a7fd4fc05f0ecde","target":{"file":"src/effects/SkEmbossMaskFilter.cpp","function":"SkEmbossMaskFilter::filterMask"},"deprecated":false,"id":"ASB-A-344620577-0ecc6a6f","signature_version":"v1","signature_type":"Function","digest":{"length":1221,"function_hash":"78732347906451052210981180607239984425"}},{"source":"https://android.googlesource.com/platform/external/skia/+/2bc38734eec777bf2574d4b38a7fd4fc05f0ecde","target":{"file":"src/effects/SkEmbossMaskFilter.cpp"},"deprecated":false,"id":"ASB-A-344620577-aa83942e","signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["14494157935654513123308854464673911178","279325823399751052267469359811888250878","228380023518619776170140081687866249952","29867092873288618937979868586134351355","187021280865865157676648648159678703114","71096585475333243374566264465524252053","210406745084159479596954240817223713018","328622235589218379446054112867661556427"],"threshold":0.9}}],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-344620577.json"}},{"package":{"name":"platform/external/skia","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2024-11-01"}]}],"versions":["12L"],"ecosystem_specific":{"spl":"2024-11-01","fixes":["https://android.googlesource.com/platform/external/skia/+/8853c9af96c42caab7c11968b70e4ac33400ca4e"],"types":["RCE"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/external/skia/+/8853c9af96c42caab7c11968b70e4ac33400ca4e","target":{"file":"src/effects/SkEmbossMaskFilter.cpp"},"deprecated":false,"id":"ASB-A-344620577-17bbf723","signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["14494157935654513123308854464673911178","279325823399751052267469359811888250878","228380023518619776170140081687866249952","29867092873288618937979868586134351355","187021280865865157676648648159678703114","71096585475333243374566264465524252053","210406745084159479596954240817223713018","328622235589218379446054112867661556427"],"threshold":0.9}},{"source":"https://android.googlesource.com/platform/external/skia/+/8853c9af96c42caab7c11968b70e4ac33400ca4e","target":{"file":"src/effects/SkEmbossMaskFilter.cpp","function":"SkEmbossMaskFilter::filterMask"},"deprecated":false,"id":"ASB-A-344620577-f098378c","signature_version":"v1","signature_type":"Function","digest":{"length":1221,"function_hash":"78732347906451052210981180607239984425"}}],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-344620577.json"}},{"package":{"name":"platform/external/skia","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15:0"},{"fixed":"15:2024-11-01"}]}],"versions":["15"],"ecosystem_specific":{"spl":"2024-11-01","fixes":["https://android.googlesource.com/platform/external/skia/+/e36fda1a1a145ca8d708a32c26981ca9251a4f9d"],"types":["RCE"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-344620577.json"}},{"package":{"name":"platform/external/skia","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2024-11-01"}]}],"versions":["13"],"ecosystem_specific":{"spl":"2024-11-01","fixes":["https://android.googlesource.com/platform/external/skia/+/5b1a9d43467d0361837c98cf89429a3dc5cc3ee4"],"types":["RCE"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/external/skia/+/5b1a9d43467d0361837c98cf89429a3dc5cc3ee4","target":{"file":"src/effects/SkEmbossMaskFilter.cpp","function":"SkEmbossMaskFilter::filterMask"},"deprecated":false,"id":"ASB-A-344620577-cfc20187","signature_version":"v1","signature_type":"Function","digest":{"length":1221,"function_hash":"78732347906451052210981180607239984425"}},{"source":"https://android.googlesource.com/platform/external/skia/+/5b1a9d43467d0361837c98cf89429a3dc5cc3ee4","target":{"file":"src/effects/SkEmbossMaskFilter.cpp"},"deprecated":false,"id":"ASB-A-344620577-fb8eb931","signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["14494157935654513123308854464673911178","279325823399751052267469359811888250878","228380023518619776170140081687866249952","29867092873288618937979868586134351355","187021280865865157676648648159678703114","71096585475333243374566264465524252053","210406745084159479596954240817223713018","328622235589218379446054112867661556427"],"threshold":0.9}}],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-344620577.json"}},{"package":{"name":"platform/external/skia","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2024-11-01"}]}],"versions":["14"],"ecosystem_specific":{"spl":"2024-11-01","fixes":["https://android.googlesource.com/platform/external/skia/+/4e7ee44ba37517b04682b0877283a1b4795e0690"],"types":["RCE"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/external/skia/+/4e7ee44ba37517b04682b0877283a1b4795e0690","target":{"file":"src/effects/SkEmbossMaskFilter.cpp","function":"SkEmbossMaskFilter::filterMask"},"deprecated":false,"id":"ASB-A-344620577-74b74e7f","signature_version":"v1","signature_type":"Function","digest":{"length":1221,"function_hash":"78732347906451052210981180607239984425"}},{"source":"https://android.googlesource.com/platform/external/skia/+/4e7ee44ba37517b04682b0877283a1b4795e0690","target":{"file":"src/effects/SkEmbossMaskFilter.cpp"},"deprecated":false,"id":"ASB-A-344620577-fee5d19d","signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["14494157935654513123308854464673911178","279325823399751052267469359811888250878","228380023518619776170140081687866249952","29867092873288618937979868586134351355","187021280865865157676648648159678703114","71096585475333243374566264465524252053","210406745084159479596954240817223713018","328622235589218379446054112867661556427"],"threshold":0.9}}],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-344620577.json"}}],"schema_version":"1.7.5"}