CVE-2024-43091
Published 2024-11-13
Priority: P261, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.49% (38.6th percentile)
In filterMask of SkEmbossMaskFilter.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| platform | external_skia | >= 12:0 < 12:2024-11-01 | 12:2024-11-01 |
| platform | external_skia | >= 12L:0 < 12L:2024-11-01 | 12L:2024-11-01 |
| platform | external_skia | >= 13:0 < 13:2024-11-01 | 13:2024-11-01 |
| platform | external_skia | >= 14:0 < 14:2024-11-01 | 14:2024-11-01 |
| platform | external_skia | >= 15-next:0 < 15-next:2024-11-01 | 15-next:2024-11-01 |
| platform | external_skia | >= 15:0 < 15:2024-11-01 | 15:2024-11-01 |
Detection & IOCs (extracted from sources)
- Vulnerability is in filterMask() of SkEmbossMaskFilter.cpp — monitor for crashes or anomalous behavior in Skia graphics library processing on Android 12, 12L, 13, 14, and 15
- Exploitation requires no user interaction and no additional privileges — treat any remote vector delivering crafted graphics/image content to an Android device as a potential trigger for this RCE
- Affected Android versions are 12, 12L, 13, 14, and 15 — prioritize detection and patching on devices running these versions
- The Android Security Bulletin reference ID is A-344620577; no public PoC or exploit code was referenced in the available sources, limiting concrete IOC extraction
GHSA
GHSA-p3xf-gp9j-6r3v: In filterMask of SkEmbossMaskFilter
ghsa_unreviewed·2024-11-13
CVE-2024-43091 [HIGH] CWE-190 GHSA-p3xf-gp9j-6r3v: In filterMask of SkEmbossMaskFilter
OSV
CVE-2024-43091: In filterMask of SkEmbossMaskFilter
osv·2024-11-01
Android
CVE-2024-43091: Android Security Bulletin 2024-11-01
CVE: CVE-2024-43091
Severity: HIGH
Type: RCE
Affected AOSP versions: 12, 12L, 13, 14, 15
References: A-344620577
vendor_android·2024-11-01·CVSS 9.8
CVE-2024-43091 [CRITICAL] CVE-2024-43091: Android Security Bulletin 2024-11-01
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-11-13