In skiaallocfunc of SkDeflate.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "245486692926100039007742811449388612901", "294213052252660620709435918358324505446", "79733914895843489633987636176584856289", "36916278731046622565152283442075511269", "111827303233559505537936586512190658783", "216572286767335958811174421288739920060", "153014274211960944691051419373588606095" ] }, "id": "ASB-A-349678452-844af375", "source": "https://android.googlesource.com/platform/external/skia/+/b5543cb8c6b95623743016055220378efe73eb93", "deprecated": false, "signature_version": "v1", "target": { "file": "src/pdf/SkDeflate.cpp" }, "signature_type": "Line" }, { "match_only_versions": [ "12" ], "digest": { "length": 150.0, "function_hash": "177381958124754469005351273126681564475" }, "id": "ASB-A-349678452-9a76ea81", "source": "https://android.googlesource.com/platform/external/skia/+/b5543cb8c6b95623743016055220378efe73eb93", "deprecated": false, "signature_version": "v1", "target": { "file": "src/pdf/SkDeflate.cpp", "function": "skia_alloc_func" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/external/skia/+/b5543cb8c6b95623743016055220378efe73eb93" ], "spl": "2024-12-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "match_only_versions": [ "12L" ], "digest": { "length": 150.0, "function_hash": "177381958124754469005351273126681564475" }, "id": "ASB-A-349678452-7822cbb4", "source": "https://android.googlesource.com/platform/external/skia/+/b5543cb8c6b95623743016055220378efe73eb93", "deprecated": false, "signature_version": "v1", "target": { "file": "src/pdf/SkDeflate.cpp", "function": "skia_alloc_func" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "245486692926100039007742811449388612901", "294213052252660620709435918358324505446", "79733914895843489633987636176584856289", "36916278731046622565152283442075511269", "111827303233559505537936586512190658783", "216572286767335958811174421288739920060", "153014274211960944691051419373588606095" ] }, "id": "ASB-A-349678452-edd421bf", "source": "https://android.googlesource.com/platform/external/skia/+/b5543cb8c6b95623743016055220378efe73eb93", "deprecated": false, "signature_version": "v1", "target": { "file": "src/pdf/SkDeflate.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/external/skia/+/b5543cb8c6b95623743016055220378efe73eb93" ], "spl": "2024-12-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "245486692926100039007742811449388612901", "294213052252660620709435918358324505446", "79733914895843489633987636176584856289", "36916278731046622565152283442075511269", "111827303233559505537936586512190658783", "216572286767335958811174421288739920060", "153014274211960944691051419373588606095" ] }, "id": "ASB-A-349678452-42b8b62e", "source": "https://android.googlesource.com/platform/external/skia/+/b5543cb8c6b95623743016055220378efe73eb93", "deprecated": false, "signature_version": "v1", "target": { "file": "src/pdf/SkDeflate.cpp" }, "signature_type": "Line" }, { "match_only_versions": [ "15" ], "digest": { "length": 150.0, "function_hash": "177381958124754469005351273126681564475" }, "id": "ASB-A-349678452-d0d4b834", "source": "https://android.googlesource.com/platform/external/skia/+/b5543cb8c6b95623743016055220378efe73eb93", "deprecated": false, "signature_version": "v1", "target": { "file": "src/pdf/SkDeflate.cpp", "function": "skia_alloc_func" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/external/skia/+/b5543cb8c6b95623743016055220378efe73eb93" ], "spl": "2024-12-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "245486692926100039007742811449388612901", "294213052252660620709435918358324505446", "79733914895843489633987636176584856289", "36916278731046622565152283442075511269", "111827303233559505537936586512190658783", "216572286767335958811174421288739920060", "153014274211960944691051419373588606095" ] }, "id": "ASB-A-349678452-4c1de168", "source": "https://android.googlesource.com/platform/external/skia/+/b5543cb8c6b95623743016055220378efe73eb93", "deprecated": false, "signature_version": "v1", "target": { "file": "src/pdf/SkDeflate.cpp" }, "signature_type": "Line" }, { "match_only_versions": [ "13" ], "digest": { "length": 150.0, "function_hash": "177381958124754469005351273126681564475" }, "id": "ASB-A-349678452-fde608be", "source": "https://android.googlesource.com/platform/external/skia/+/b5543cb8c6b95623743016055220378efe73eb93", "deprecated": false, "signature_version": "v1", "target": { "file": "src/pdf/SkDeflate.cpp", "function": "skia_alloc_func" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/external/skia/+/b5543cb8c6b95623743016055220378efe73eb93" ], "spl": "2024-12-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "245486692926100039007742811449388612901", "294213052252660620709435918358324505446", "79733914895843489633987636176584856289", "36916278731046622565152283442075511269", "111827303233559505537936586512190658783", "216572286767335958811174421288739920060", "153014274211960944691051419373588606095" ] }, "id": "ASB-A-349678452-1a15d1c8", "source": "https://android.googlesource.com/platform/external/skia/+/b5543cb8c6b95623743016055220378efe73eb93", "deprecated": false, "signature_version": "v1", "target": { "file": "src/pdf/SkDeflate.cpp" }, "signature_type": "Line" }, { "match_only_versions": [ "14" ], "digest": { "length": 150.0, "function_hash": "177381958124754469005351273126681564475" }, "id": "ASB-A-349678452-bcdc976f", "source": "https://android.googlesource.com/platform/external/skia/+/b5543cb8c6b95623743016055220378efe73eb93", "deprecated": false, "signature_version": "v1", "target": { "file": "src/pdf/SkDeflate.cpp", "function": "skia_alloc_func" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/external/skia/+/b5543cb8c6b95623743016055220378efe73eb93" ], "spl": "2024-12-01", "severity": "High", "types": [ "EoP" ] }