In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "severity": "High", "vanir_signatures": [ { "source": "https://android.googlesource.com/platform/external/skia/+/85802e6d648a7831a26cc856fa5e33da94ed23f0", "deprecated": false, "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "20444537743571030419082478851202225654", "2141729682397009313921058090542615410", "165677424124438213383043347907327501743", "113967055573560121716510859654132651808" ] }, "target": { "file": "src/core/SkRegion.cpp" }, "signature_type": "Line", "match_only_versions": [ "12" ], "id": "ASB-A-350118416-76d7ed97" } ], "spl": "2024-12-01", "types": [ "EoP" ], "fixes": [ "https://android.googlesource.com/platform/external/skia/+/85802e6d648a7831a26cc856fa5e33da94ed23f0" ] }
{ "severity": "High", "vanir_signatures": [ { "source": "https://android.googlesource.com/platform/external/skia/+/85802e6d648a7831a26cc856fa5e33da94ed23f0", "deprecated": false, "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "20444537743571030419082478851202225654", "2141729682397009313921058090542615410", "165677424124438213383043347907327501743", "113967055573560121716510859654132651808" ] }, "target": { "file": "src/core/SkRegion.cpp" }, "signature_type": "Line", "match_only_versions": [ "12L" ], "id": "ASB-A-350118416-3d713144" } ], "spl": "2024-12-01", "types": [ "EoP" ], "fixes": [ "https://android.googlesource.com/platform/external/skia/+/85802e6d648a7831a26cc856fa5e33da94ed23f0" ] }
{ "severity": "High", "vanir_signatures": [ { "source": "https://android.googlesource.com/platform/external/skia/+/85802e6d648a7831a26cc856fa5e33da94ed23f0", "deprecated": false, "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "20444537743571030419082478851202225654", "2141729682397009313921058090542615410", "165677424124438213383043347907327501743", "113967055573560121716510859654132651808" ] }, "target": { "file": "src/core/SkRegion.cpp" }, "signature_type": "Line", "match_only_versions": [ "13" ], "id": "ASB-A-350118416-88642ea6" } ], "spl": "2024-12-01", "types": [ "EoP" ], "fixes": [ "https://android.googlesource.com/platform/external/skia/+/85802e6d648a7831a26cc856fa5e33da94ed23f0" ] }
{ "severity": "High", "vanir_signatures": [ { "source": "https://android.googlesource.com/platform/external/skia/+/85802e6d648a7831a26cc856fa5e33da94ed23f0", "deprecated": false, "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "20444537743571030419082478851202225654", "2141729682397009313921058090542615410", "165677424124438213383043347907327501743", "113967055573560121716510859654132651808" ] }, "target": { "file": "src/core/SkRegion.cpp" }, "signature_type": "Line", "match_only_versions": [ "14" ], "id": "ASB-A-350118416-80633257" } ], "spl": "2024-12-01", "types": [ "EoP" ], "fixes": [ "https://android.googlesource.com/platform/external/skia/+/85802e6d648a7831a26cc856fa5e33da94ed23f0" ] }