CVE-2024-43097: Integer Overflow
In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Other sources
In resizeToAtLeast of SkRegion.cpp, there was a possible out of bounds write due to an integer overflow
— Mozilla
Affected Software
Remediation
Event History
Parent advisories
This vulnerability appears in the following advisories.
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2024-43097
- CVE-2025-1930
- CVE-2025-1931
- CVE-2025-1933
- CVE-2025-1937
- CVE-2025-0244
- CVE-2025-0245
- CVE-2025-0246
- CVE-2025-0237
- CVE-2025-0238
- CVE-2025-0239
- CVE-2025-0240
- CVE-2025-0241
- CVE-2025-0242
- CVE-2025-0243
- CVE-2025-0247
- CVE-2025-1932
- CVE-2025-1934
- CVE-2025-1935
- CVE-2025-1936
- CVE-2025-1938
- CVE-2025-26696
- CVE-2025-26695
Frequently Asked Questions
What is the severity of CVE-2024-43097?
CVE-2024-43097 is considered a high severity vulnerability due to the potential for local escalation of privilege.
How do I fix CVE-2024-43097?
To fix CVE-2024-43097, update affected software to the latest versions specified by the vendors, such as Android and Mozilla Firefox ESR.
What might be the impact of exploiting CVE-2024-43097?
Exploiting CVE-2024-43097 could lead to unauthorized access and privileges on the affected system.
Is user interaction required to exploit CVE-2024-43097?
No, user interaction is not required to exploit CVE-2024-43097, making it more critical.
Which products are affected by CVE-2024-43097?
CVE-2024-43097 affects Google Android, Mozilla Firefox ESR, and Mozilla Thunderbird.