CVE-2024-43097: Out-of-bounds Write in Google Android

CWE-787 Out-of-bounds Write (12 documents, 9 sources)

Severity: 7.8 HIGH (NVD)
EPSS: 0.9% (top 24.10%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 3; Latest update Jul 22

Description

In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (3 packages)

Debian: mozilla/thunderbird < 1:128.8.0esr-1~deb11u1 (+3)
CVEListV5: google/android, 5 versions (+4)
NVD: google/android, 5 versions (+4)

Patches

🔴 Vulnerability Details (3)

OSV: CVE-2024-43097: In resizeToAtLeast of SkRegion (2025-01-03)
GHSA: GHSA-vvqr-c837-hr5q: In resizeToAtLeast of SkRegion (2025-01-03)
CVEList: CVE-2024-43097: In resizeToAtLeast of SkRegion (2025-01-02)

📋 Vendor Advisories (7)

Ubuntu: Thunderbird vulnerabilities (2025-07-22)
Android: CVE-2024-43097: Android Security Bulletin 2024-12-01. CVE: CVE-2024-43097; Severity: HIGH; Type: EoP; Affected AOSP versions: 12, 12L, 13, 14, 15; References: A-350118416 (2024-12-01)
Debian: CVE-2024-43097: firefox-esr - In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due ... (2024)
Mozilla: Mozilla Foundation Security Advisory 2025-15: CVE-2024-43097
Mozilla: Mozilla Foundation Security Advisory 2025-16: CVE-2024-43097

💬 Community (1)

Bugzilla: CVE-2024-43097: Prevent overflow when growing an SkRegion's RunArray (2025-02-03)