Primary

Context

Android Skia Heap Overflow Vulnerability in SkBlurMaskFilterImpl Allowing Remote Code Execution

Vulnerability

A heap overflow vulnerability has been identified in the Skia graphics library used by Android. The issue arises in the 'prepare_to_draw_into_mask' function within 'SkBlurMaskFilterImpl.cpp', where improper input validation creates the potential for a heap overflow. This vulnerability could be exploited to execute remote code without requiring additional privileges or user interaction.

Impact

Exploitation of this vulnerability could lead to remote code execution on the affected system.

Remediation

Users are advised to update to the latest version of Android where this vulnerability has been addressed. For specific update instructions, refer to the Android Security Bulletin for December 2024.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

10.0

exploitability

4.8

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

10.0

exploitability

4.8

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Android Skia Heap Overflow Vulnerability in SkBlurMaskFilterImpl Allowing Remote Code Execution

Vulnerability

Impact

Remediation

Affected Products

Google Skia

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating