CVE-2024-43097
Published: 2025-01-03
Severity: high, CVSS 3.1 base score 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox-esr | < firefox-esr 128.8.0esr-1~deb12u1 (bookworm) | firefox-esr 128.8.0esr-1~deb12u1 (bookworm) |
| debian | thunderbird | < firefox-esr 128.8.0esr-1~deb12u1 (bookworm) | firefox-esr 128.8.0esr-1~deb12u1 (bookworm) |
| android | — | — | — |
| android | — | — | — |
| android | — | — | — |
| android | — | — | — |
| android | — | — | — |
| android | — | — | — |
| android | — | — | — |
| android | — | — | — |
| android | — | — | — |
| android | — | — | — |
| android | — | — | — |
| mozilla | firefox | — | — |
| mozilla | thunderbird | >= 0 < 1:128.8.0esr-1~deb11u1 | 1:128.8.0esr-1~deb11u1 |
| mozilla | thunderbird | >= 0 < 1:128.8.0esr-1~deb12u1 | 1:128.8.0esr-1~deb12u1 |
| mozilla | thunderbird | >= 0 < 1:128.8.0esr-1 | 1:128.8.0esr-1 |
| mozilla | thunderbird | >= 0 < 1:128.8.0esr-1 | 1:128.8.0esr-1 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| osv | — | 7.8 | HIGH | — |
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2025-07-22
CVE-2025-4083 Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Several security issues were fixed in Thunderbird.
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code.

Instructions: This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart thunderbird to make all the necessary changes.
Android
CVE-2024-43097: Android Security Bulletin 2024-12-01
CVE: CVE-2024-43097
Severity: HIGH
Type: EoP
Affected AOSP versions: 12, 12L, 13, 14, 15
References: A-350118416
vendor_android·2024-12-01·CVSS 7.8
Debian
CVE-2024-43097: firefox-esr - In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due ...
vendor_debian·2024·CVSS 7.8
In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Scope: local
bookworm: resolved (fixed in 128.8.0esr-1~deb12u1)
bullseye: resolved (fixed in 128.8.0esr-1~deb11u1)
forky: resolved (fixed in 128.8.0esr-1)
sid: resolved (fixed in 128.8.0esr-1)
trixie: resolved (fixed in 128.8.0esr-1)
Mozilla
Mozilla Foundation Security Advisory 2025-15: CVE-2024-43097
vendor_mozilla·CVSS 7.8
Mozilla Foundation Security Advisory 2025-15
CVE: CVE-2024-43097
Product: Firefox ESR
Impact: high
Fixed in: Firefox ESR 115.21
Mozilla
Mozilla Foundation Security Advisory 2025-16: CVE-2024-43097
vendor_mozilla·CVSS 7.8
Mozilla Foundation Security Advisory 2025-16
CVE: CVE-2024-43097
Product: Firefox ESR
Impact: high
Fixed in: Firefox ESR 128.8
Mozilla
Mozilla Foundation Security Advisory 2025-18: CVE-2024-43097
vendor_mozilla·CVSS 7.8
Mozilla Foundation Security Advisory 2025-18
CVE: CVE-2024-43097
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 128.8
Mozilla
Mozilla Foundation Security Advisory 2025-01: CVE-2024-43097
vendor_mozilla·CVSS 7.8
Mozilla Foundation Security Advisory 2025-01
CVE: CVE-2024-43097
Product: Firefox
Impact: high
Fixed in: Firefox 134
OSV
CVE-2024-43097: In resizeToAtLeast of SkRegion
osv·2025-01-03·CVSS 7.8
In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
GHSA
GHSA-vvqr-c837-hr5q: In resizeToAtLeast of SkRegion
ghsa_unreviewed·2025-01-03
CWE: CWE-787
In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
No detection rules found.
No public exploits indexed.