Cyber Resilience

CVE-2024-43767

HighRCE

Published: 03 January 2025

Published
03 January 2025
Modified
21 April 2025
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0091 76.3th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-43767 is a high-severity Code Injection (CWE-94) vulnerability in Google Android. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 23.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-43767 is a heap overflow vulnerability in the prepare_to_draw_into_mask function of SkBlurMaskFilterImpl.cpp within the Skia graphics library, as integrated in the Android platform's external Skia component. The flaw arises from improper input validation and has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), mapped to CWE-94 (Code Injection).

A remote attacker with network access can exploit this vulnerability with low attack complexity and no required privileges. Although the description states that user interaction is not needed, the CVSS vector specifies UI:R. Successful exploitation could result in remote code execution, compromising confidentiality, integrity, and availability to a high degree without needing additional execution privileges.

The Android security bulletin for December 2024-01 addresses this issue, and a patch is available in Skia via the commit at https://android.googlesource.com/platform/external/skia/+/796c2040f641bb287dba66c9823ce45e9f8b5807. Security practitioners should apply these updates promptly to affected Android devices.

EU & UK References

Vulnerability details

In prepare_to_draw_into_mask of SkBlurMaskFilterImpl.cpp, there is a possible heap overflow due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Heap overflow in Skia graphics library enables remote code execution on Android client via crafted input (e.g., image data), directly mapping to exploitation for client execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-0122Same product: Google Android
CVE-2025-36897Same product: Google Android
CVE-2024-43770Same product: Google Android
CVE-2024-43771Same product: Google Android
CVE-2024-49747Same product: Google Android
CVE-2025-0084Same product: Google Android
CVE-2024-49749Same product: Google Android
CVE-2025-0074Same product: Google Android
CVE-2024-53842Same product: Google Android
CVE-2025-48602Same product: Google Android

Affected Assets

google
android
12.0, 12.1, 13.0, 14.0, 15.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of inputs to the Skia graphics library's prepare_to_draw_into_mask function, preventing the heap overflow due to improper input validation.

prevent

Mandates timely flaw remediation, including applying the available Skia patch to eliminate the heap overflow vulnerability.

prevent

Implements memory protection mechanisms that mitigate exploitation of the heap overflow for remote code execution.

References