CVE-2024-43097
HIGHCVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Analysis
In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Technical Context
This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Affected products include: Google Android.
Affected Products
Google Android.
Remediation
A vendor patch is available. Apply the latest security update as soon as possible. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).
Priority Score
Vendor Status
Share
External POC / Exploit Code
Leaving vuln.today