Out of Bounds Write in Skia Alloc Function of Android Products
CVE-2024-43768
7.8 HIGH
Summary
The vulnerability is in skia_alloc_func in SkDeflate.cpp, where an integer overflow may lead to an out-of-bounds write. The flaw can enable local privilege escalation without requiring additional execution privileges, and exploitation does not require user interaction. Affected Android devices should be remediated promptly to guard against attacks that exploit this weakness.
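The bug class described above, as an added example that is not Skia's code and not taken from the advisory: a zlib-style allocation callback receives an item count and an item size, and an unchecked multiply can wrap so the buffer is smaller than the caller believes. All names here (uint_z, size32_t, unchecked_bytes, checked_bytes, checked_alloc_func) are hypothetical, and a 32-bit size type is modeled explicitly so the wrap is reproducible on 64-bit hosts.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-ins: uint_z plays the role of zlib's uInt, size32_t
 * models a 32-bit size_t. Neither is taken from Skia or zlib headers. */
typedef unsigned int uint_z;
typedef uint32_t size32_t;

/* Unchecked pattern: the byte count is a plain multiply that can wrap. */
static size32_t unchecked_bytes(uint_z items, uint_z size) {
    return (size32_t)items * (size32_t)size;
}

/* Checked multiply: returns 0 and stores the product, or -1 on overflow. */
static int checked_bytes(uint_z items, uint_z size, size32_t *out) {
    if (size != 0 && items > UINT32_MAX / size)
        return -1;
    *out = (size32_t)items * (size32_t)size;
    return 0;
}

/* Hardened callback in the shape of zlib's alloc_func: refuse a request
 * whose size wraps instead of handing back a short buffer. zlib reports
 * a NULL return from the allocator as Z_MEM_ERROR. */
static void *checked_alloc_func(void *opaque, uint_z items, uint_z size) {
    size32_t n;
    (void)opaque;
    if (checked_bytes(items, size, &n) != 0)
        return NULL;
    return calloc(1, n ? n : 1);   /* zeroed; never a zero-length request */
}

int main(void) {
    uint_z items = 0x10000u, size = 0x10001u;   /* constructed inputs */
    void *p = checked_alloc_func(NULL, items, size);

    printf("requested : %llu bytes\n",
           (unsigned long long)items * (unsigned long long)size);
    printf("unchecked : %u bytes\n", (unsigned)unchecked_bytes(items, size));
    printf("checked   : %s\n", p ? "allocated" : "rejected (overflow)");
    free(p);
    return 0;
}
```
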
Affected Version(s)
Android 15
Android 14
Android 13
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Collectors
NVD Database, Mitre Database