ASB-A-278113033

Import Source

https://storage.googleapis.com/android-osv-test/ASB-A-278113033.json

JSON Data

https://api.osv.dev/v1/vulns/ASB-A-278113033

Aliases

A-278113033
CVE-2023-2136

Published

2023-07-01T00:00:00Z

Modified

2024-09-19T16:28:44.906806Z

Summary

Integer overflow in SkSLVMCodeGenerator

Details

In multiple functions of SkSLFunctionDefinition.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged app with no additional execution privileges needed. User interaction is needed for exploitation.

References

Affected packages

Android / platform/external/skia

Package

Name: platform/external/skia

Affected ranges

Type: ECOSYSTEM
Events: Introduced

13-next:0

Fixed

13-next:2023-07-01

Affected versions

Other

13-next

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/external/skia/+/2f8a7106dff052c157d876753daa29f8a40ed6ce"
    ],
    "spl": "2023-07-01",
    "severity": "High",
    "types": [
        "RCE"
    ]
}

Android / platform/external/skia

Package

Name: platform/external/skia

Affected ranges

Type: ECOSYSTEM
Events: Introduced

13:0

Fixed

13:2023-07-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "274207700767484725968547747813678963344",
                    "13896126730715396721886214984214451606",
                    "258943448490022102773211310222112885857",
                    "134747482136392080401226170617619588066",
                    "119809806143601065983089843743427551874",
                    "287343538891435898700916639553646746751",
                    "283233680792608217232612293847200134596",
                    "221909843921218291873639986840426394239",
                    "301715844662221594601245308701039713771",
                    "75968915912760076757269720201874988594",
                    "116556963278985139809598117880345112112",
                    "202941620345236366623303770942616678432",
                    "150897348644622331959938440174984713892",
                    "67242710040724562996797626437555334421",
                    "123289302116800510476099392818446980348",
                    "23655703535497048509523246587218940626",
                    "251258334507664551873057247677275052120",
                    "312344524948250349199211577423095193100",
                    "236385294153429244001205327627068185308",
                    "1990530607438337487947024137020462498"
                ]
            },
            "id": "ASB-A-278113033-3a11223c",
            "source": "https://android.googlesource.com/platform/external/skia/+/e3ab186a075a174f44692bf6a31165f30f6b7ded",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/sksl/ir/SkSLFunctionDefinition.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 5600.0,
                "function_hash": "170484982733871855674172424352360805677"
            },
            "id": "ASB-A-278113033-db107b16",
            "source": "https://android.googlesource.com/platform/external/skia/+/e3ab186a075a174f44692bf6a31165f30f6b7ded",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/sksl/ir/SkSLFunctionDefinition.cpp",
                "function": "FunctionDefinition::Convert"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/external/skia/+/e3ab186a075a174f44692bf6a31165f30f6b7ded"
    ],
    "spl": "2023-07-01",
    "severity": "High",
    "types": [
        "RCE"
    ]
}