CVE-2024-43767

Published Jan 3, 2025

Last updated 9 days ago

Overview

Description
In prepare_to_draw_into_mask of SkBlurMaskFilterImpl.cpp, there is a possible heap overflow due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Source
security@android.com
NVD status
Awaiting Analysis

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-120

Social media

Hype score
Not currently trending
  1. CVE-2024-43767 (CVSS:8.8, HIGH) is Awaiting Analysis. In prepare_to_draw_into_mask of SkBlurMaskFilterImpl.cpp, there is a possible heap overflow due to improper input valida..https://t.co/ST75cXzDqP #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    8 Jan 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. A severe vulnerability was disclosed for Google Android (CVE-2024-43767) https://t.co/POyl6F0guv

    @vuldb

    3 Jan 2025

    99 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2024-43767 In prepare_to_draw_into_mask of SkBlurMaskFilterImpl.cpp, there is a possible heap overflow due to improper input validation. This could lead to remote code execution… https://t.co/CQ6VF0XTdp

    @CVEnew

    3 Jan 2025

    316 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Android Dec 2024 Security Update #Google has released a critical security patch addressing 14 high-severity vulnerabilities. These include a remote code execution flaw (CVE-2024-43767) in the System component and privilege escalation issues in Framework, MediaTek, Qualcomm, and…

    @StellDex_HQ

    14 Dec 2024

    76 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Google’s Android 15 update brings major security and privacy upgrades, including real-time, on-device threat monitoring for malware and scam calls. The December 2024 update addresses several vulnerabilities, notably CVE-2024-43767, which could lead to remote code execution.… htt

    @MonkeysInsight

    4 Dec 2024

    106 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes