In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "match_only_versions": [ "12" ], "digest": { "threshold": 0.9, "line_hashes": [ "20444537743571030419082478851202225654", "2141729682397009313921058090542615410", "165677424124438213383043347907327501743", "113967055573560121716510859654132651808" ] }, "id": "ASB-A-350118416-499eb826", "source": "https://android.googlesource.com/platform/external/skia/+/8d355fe1d0795fc30b84194b87563f75c6f8f2a7", "deprecated": false, "signature_version": "v1", "target": { "file": "src/core/SkRegion.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/external/skia/+/8d355fe1d0795fc30b84194b87563f75c6f8f2a7" ], "spl": "2024-12-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "match_only_versions": [ "12L" ], "digest": { "threshold": 0.9, "line_hashes": [ "20444537743571030419082478851202225654", "2141729682397009313921058090542615410", "165677424124438213383043347907327501743", "113967055573560121716510859654132651808" ] }, "id": "ASB-A-350118416-9a4d689f", "source": "https://android.googlesource.com/platform/external/skia/+/8d355fe1d0795fc30b84194b87563f75c6f8f2a7", "deprecated": false, "signature_version": "v1", "target": { "file": "src/core/SkRegion.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/external/skia/+/8d355fe1d0795fc30b84194b87563f75c6f8f2a7" ], "spl": "2024-12-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "match_only_versions": [ "15" ], "digest": { "threshold": 0.9, "line_hashes": [ "20444537743571030419082478851202225654", "2141729682397009313921058090542615410", "165677424124438213383043347907327501743", "113967055573560121716510859654132651808" ] }, "id": "ASB-A-350118416-edbaba01", "source": "https://android.googlesource.com/platform/external/skia/+/8d355fe1d0795fc30b84194b87563f75c6f8f2a7", "deprecated": false, "signature_version": "v1", "target": { "file": "src/core/SkRegion.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/external/skia/+/8d355fe1d0795fc30b84194b87563f75c6f8f2a7" ], "spl": "2024-12-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "match_only_versions": [ "13" ], "digest": { "threshold": 0.9, "line_hashes": [ "20444537743571030419082478851202225654", "2141729682397009313921058090542615410", "165677424124438213383043347907327501743", "113967055573560121716510859654132651808" ] }, "id": "ASB-A-350118416-c781a554", "source": "https://android.googlesource.com/platform/external/skia/+/8d355fe1d0795fc30b84194b87563f75c6f8f2a7", "deprecated": false, "signature_version": "v1", "target": { "file": "src/core/SkRegion.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/external/skia/+/8d355fe1d0795fc30b84194b87563f75c6f8f2a7" ], "spl": "2024-12-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "match_only_versions": [ "14" ], "digest": { "threshold": 0.9, "line_hashes": [ "20444537743571030419082478851202225654", "2141729682397009313921058090542615410", "165677424124438213383043347907327501743", "113967055573560121716510859654132651808" ] }, "id": "ASB-A-350118416-c9e6945a", "source": "https://android.googlesource.com/platform/external/skia/+/8d355fe1d0795fc30b84194b87563f75c6f8f2a7", "deprecated": false, "signature_version": "v1", "target": { "file": "src/core/SkRegion.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/external/skia/+/8d355fe1d0795fc30b84194b87563f75c6f8f2a7" ], "spl": "2024-12-01", "severity": "High", "types": [ "EoP" ] }