cbcvebase.
CVE-2024-43091
published 2024-11-13

Priority: P261
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.49% (38.6th percentile)
In filterMask of SkEmbossMaskFilter.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected

17 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| google | android (11 entries) | | |
| platform | external_skia | >= 12:0 < 12:2024-11-01 | 12:2024-11-01 |
| platform | external_skia | >= 12L:0 < 12L:2024-11-01 | 12L:2024-11-01 |
| platform | external_skia | >= 13:0 < 13:2024-11-01 | 13:2024-11-01 |
| platform | external_skia | >= 14:0 < 14:2024-11-01 | 14:2024-11-01 |
| platform | external_skia | >= 15-next:0 < 15-next:2024-11-01 | 15-next:2024-11-01 |
| platform | external_skia | >= 15:0 < 15:2024-11-01 | 15:2024-11-01 |

Detection & IOCs

  • Vulnerability is in filterMask() of SkEmbossMaskFilter.cpp — monitor for crashes or anomalous behavior in Skia graphics library processing on Android 12, 12L, 13, 14, and 15
  • Exploitation requires no user interaction and no additional privileges — treat any remote vector delivering crafted graphics/image content to an Android device as a potential trigger for this RCE
  • Affected Android versions are 12, 12L, 13, 14, and 15 — prioritize detection and patching on devices running these versions
  • The Android Security Bulletin reference ID is A-344620577; no public PoC or exploit code was referenced in the available sources, limiting concrete IOC extraction