In preparetodrawintomask of SkBlurMaskFilterImpl.cpp, there is a possible heap overflow due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "67951850197520627924208557521078872950", "143274949392399798836986099134817741296", "248859298257076398838051637270933378819", "195415217712792285653000054178767004494" ] }, "id": "ASB-A-352631932-6c613b5c", "source": "https://android.googlesource.com/platform/external/skia/+/796c2040f641bb287dba66c9823ce45e9f8b5807", "deprecated": false, "signature_version": "v1", "target": { "file": "src/core/SkBlurMF.cpp" }, "signature_type": "Line" }, { "digest": { "length": 437.0, "function_hash": "100412810341319019776688187379711923788" }, "id": "ASB-A-352631932-954dbdaa", "source": "https://android.googlesource.com/platform/external/skia/+/796c2040f641bb287dba66c9823ce45e9f8b5807", "deprecated": false, "signature_version": "v1", "target": { "file": "src/core/SkBlurMF.cpp", "function": "prepare_to_draw_into_mask" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/external/skia/+/796c2040f641bb287dba66c9823ce45e9f8b5807" ], "spl": "2024-12-01", "severity": "High", "types": [ "RCE" ] }
{ "vanir_signatures": [ { "digest": { "length": 437.0, "function_hash": "100412810341319019776688187379711923788" }, "id": "ASB-A-352631932-1cbf476d", "source": "https://android.googlesource.com/platform/external/skia/+/796c2040f641bb287dba66c9823ce45e9f8b5807", "deprecated": false, "signature_version": "v1", "target": { "file": "src/core/SkBlurMF.cpp", "function": "prepare_to_draw_into_mask" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "67951850197520627924208557521078872950", "143274949392399798836986099134817741296", "248859298257076398838051637270933378819", "195415217712792285653000054178767004494" ] }, "id": "ASB-A-352631932-d06cf38c", "source": "https://android.googlesource.com/platform/external/skia/+/796c2040f641bb287dba66c9823ce45e9f8b5807", "deprecated": false, "signature_version": "v1", "target": { "file": "src/core/SkBlurMF.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/external/skia/+/796c2040f641bb287dba66c9823ce45e9f8b5807" ], "spl": "2024-12-01", "severity": "High", "types": [ "RCE" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "67951850197520627924208557521078872950", "143274949392399798836986099134817741296", "248859298257076398838051637270933378819", "195415217712792285653000054178767004494" ] }, "id": "ASB-A-352631932-9de2dfdd", "source": "https://android.googlesource.com/platform/external/skia/+/796c2040f641bb287dba66c9823ce45e9f8b5807", "deprecated": false, "signature_version": "v1", "target": { "file": "src/core/SkBlurMF.cpp" }, "signature_type": "Line" }, { "digest": { "length": 437.0, "function_hash": "100412810341319019776688187379711923788" }, "id": "ASB-A-352631932-d85a3db2", "source": "https://android.googlesource.com/platform/external/skia/+/796c2040f641bb287dba66c9823ce45e9f8b5807", "deprecated": false, "signature_version": "v1", "target": { "file": "src/core/SkBlurMF.cpp", "function": "prepare_to_draw_into_mask" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/external/skia/+/796c2040f641bb287dba66c9823ce45e9f8b5807" ], "spl": "2024-12-01", "severity": "High", "types": [ "RCE" ] }
{ "vanir_signatures": [ { "digest": { "length": 437.0, "function_hash": "100412810341319019776688187379711923788" }, "id": "ASB-A-352631932-9f05c43b", "source": "https://android.googlesource.com/platform/external/skia/+/796c2040f641bb287dba66c9823ce45e9f8b5807", "deprecated": false, "signature_version": "v1", "target": { "file": "src/core/SkBlurMF.cpp", "function": "prepare_to_draw_into_mask" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "67951850197520627924208557521078872950", "143274949392399798836986099134817741296", "248859298257076398838051637270933378819", "195415217712792285653000054178767004494" ] }, "id": "ASB-A-352631932-cb2f9011", "source": "https://android.googlesource.com/platform/external/skia/+/796c2040f641bb287dba66c9823ce45e9f8b5807", "deprecated": false, "signature_version": "v1", "target": { "file": "src/core/SkBlurMF.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/external/skia/+/796c2040f641bb287dba66c9823ce45e9f8b5807" ], "spl": "2024-12-01", "severity": "High", "types": [ "RCE" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "67951850197520627924208557521078872950", "143274949392399798836986099134817741296", "248859298257076398838051637270933378819", "195415217712792285653000054178767004494" ] }, "id": "ASB-A-352631932-9c53b192", "source": "https://android.googlesource.com/platform/external/skia/+/796c2040f641bb287dba66c9823ce45e9f8b5807", "deprecated": false, "signature_version": "v1", "target": { "file": "src/core/SkBlurMF.cpp" }, "signature_type": "Line" }, { "digest": { "length": 437.0, "function_hash": "100412810341319019776688187379711923788" }, "id": "ASB-A-352631932-fa409e76", "source": "https://android.googlesource.com/platform/external/skia/+/796c2040f641bb287dba66c9823ce45e9f8b5807", "deprecated": false, "signature_version": "v1", "target": { "file": "src/core/SkBlurMF.cpp", "function": "prepare_to_draw_into_mask" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/external/skia/+/796c2040f641bb287dba66c9823ce45e9f8b5807" ], "spl": "2024-12-01", "severity": "High", "types": [ "RCE" ] }