[Git][security-tracker-team/security-tracker][master] Reference new skia ITP bug
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Oct 13 19:15:58 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
97457191 by Salvatore Bonaccorso at 2025-10-13T20:14:57+02:00
Reference new skia ITP bug
Other CVEs which currently are not tracked unter src:skia and it's ITP
bug might need to be updated. OTOH those might be specific to the use of
skia in chromium/firefox.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -14640,7 +14640,7 @@ CVE-2025-35451 (PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras
CVE-2025-32320 (In System UI, there is a possible way to view other users' images due ...)
NOT-FOR-US: Android
CVE-2025-32318 (In Skia, there is a possible out of bounds write due to a heap buffer ...)
- NOT-FOR-US: Android
+ - skia <itp> (bug #1117470)
CVE-2025-32317 (In App Widget, there is a possible Information Disclosure due to a con ...)
NOT-FOR-US: Android
CVE-2025-32316 (In gralloc4, there is a possible out of bounds write due to a missing ...)
@@ -93843,11 +93843,11 @@ CVE-2024-47032 (In construct_transaction_from_cmd of lwis_ioctl.c, there is a po
CVE-2024-43769 (In isPackageDeviceAdmin of PackageManagerService.java, there is a poss ...)
NOT-FOR-US: Android
CVE-2024-43768 (In skia_alloc_func of SkDeflate.cpp, there is a possible out of bounds ...)
- NOT-FOR-US: Skia
+ - skia <itp> (bug #1117470)
NOTE: Firefox/Thunderbird embeds a copy of Skia, but the code isn't used/reachable as
NOTE: confirmed by the Mozilla security team
CVE-2024-43767 (In prepare_to_draw_into_mask of SkBlurMaskFilterImpl.cpp, there is a p ...)
- NOT-FOR-US: Skia
+ - skia <itp> (bug #1117470)
NOTE: Firefox/Thunderbird embeds a copy of Skia, but the code isn't used/reachable as
NOTE: confirmed by the Mozilla security team
CVE-2024-43764 (In onPrimaryClipChanged of ClipboardListener.java, there is a possible ...)
@@ -526900,7 +526900,7 @@ CVE-2019-9374
CVE-2019-9373 (In JobStore, there is a mismatched serialization/deserialization for t ...)
NOT-FOR-US: Android
CVE-2019-9372 (In libskia, there is a possible crash due to a missing null check. Thi ...)
- - skia <itp> (bug #818180)
+ - skia <itp> (bug #1117470)
CVE-2019-9371 (In libvpx, there is a possible resource exhaustion due to improper inp ...)
- libvpx 1.8.1-2 (low)
[buster] - libvpx 1.7.0-3+deb10u1
@@ -527092,7 +527092,7 @@ CVE-2019-9284 (In Bluetooth, there is a possible out of bounds read due to a mis
CVE-2019-9283 (In AAC Codec, there is a possible resource exhaustion due to improper ...)
NOT-FOR-US: Android
CVE-2019-9282 (In skia, there is a possible out of bounds read due to a missing bound ...)
- - skia <itp> (bug #818180)
+ - skia <itp> (bug #1117470)
CVE-2019-9281 (In GoogleContactsSyncAdapter, there is a possible path traversal due t ...)
NOT-FOR-US: Android
CVE-2019-9280 (In keyguard, there is a possible escalation of privilege due to improp ...)
@@ -536304,7 +536304,7 @@ CVE-2019-5785 (Incorrect convexity calculations in Skia in Google Chrome prior t
- firefox 65.0.1-1
- firefox-esr 60.5.1esr-1
- thunderbird 1:60.5.1-1
- - skia <itp> (bug #818180)
+ - skia <itp> (bug #1117470)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/#CVE-2019-5785
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/#CVE-2019-5785
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-06/#CVE-2019-5785
@@ -555231,7 +555231,7 @@ CVE-2018-18511 (Cross-origin images can be read from a canvas element in violati
- firefox 65.0.1-1
- firefox-esr 60.7.0esr-1
- thunderbird 1:60.7.0-1
- - skia <itp> (bug #818180)
+ - skia <itp> (bug #1117470)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/#CVE-2018-18511
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2018-18511
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2018-18511
@@ -555710,7 +555710,7 @@ CVE-2018-18356 (An integer overflow in path handling lead to a use after free in
- firefox 65.0.1-1
- firefox-esr 60.5.1esr-1
- thunderbird 1:60.5.1-1
- - skia <itp> (bug #818180)
+ - skia <itp> (bug #1117470)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/#CVE-2018-18356
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/#CVE-2018-18356
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-06/#CVE-2018-18356
@@ -555779,7 +555779,7 @@ CVE-2018-18335 (Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578
- chromium 71.0.3578.80-1
- firefox-esr <not-affected> (Only affects MacOS specific which had Canvas 2D acceleration enabled)
- thunderbird <not-affected> (Only affects MacOS specific which had Canvas 2D acceleration enabled)
- - skia <itp> (bug #818180)
+ - skia <itp> (bug #1117470)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/#CVE-2018-18335
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-06/#CVE-2018-18335
CVE-2018-18334 (A vulnerability in the Private Browser of Trend Micro Dr. Safety for A ...)
@@ -589270,7 +589270,7 @@ CVE-2018-6126 (A precision error in Skia in Google Chrome prior to 67.0.3396.62
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
- firefox 60.0.2-1
- firefox-esr 52.8.1esr-1
- - skia <itp> (bug #818180)
+ - skia <itp> (bug #1117470)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-14/
CVE-2018-6125 (Insufficient policy enforcement in USB in Google Chrome on Windows pri ...)
{DSA-4237-1}
@@ -592588,7 +592588,7 @@ CVE-2018-5095 (An integer overflow vulnerability in the Skia library when alloca
{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
- firefox 58.0-1
- firefox-esr 52.6.0esr-1
- - skia <itp> (bug #818180)
+ - skia <itp> (bug #1117470)
- thunderbird 1:52.6.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5095
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5095
@@ -655866,7 +655866,7 @@ CVE-2016-9687
CVE-2016-9686 (The Puppet Communications Protocol (PCP) Broker incorrectly validates ...)
- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2017-0880 (A denial of service vulnerability in the Android media framework (libs ...)
- - skia <itp> (bug #818180)
+ - skia <itp> (bug #1117470)
CVE-2017-0879 (An information disclosure vulnerability in the Android media framework ...)
NOT-FOR-US: Android Media Framework
CVE-2017-0878 (A remote code execution vulnerability in the Android media framework ( ...)
@@ -656544,7 +656544,7 @@ CVE-2017-0561 (A remote code execution vulnerability in the Broadcom Wi-Fi firmw
CVE-2017-0560 (An information disclosure vulnerability in the factory reset process c ...)
NOT-FOR-US: Android
CVE-2017-0559 (An information disclosure vulnerability in libskia could enable a loca ...)
- - skia <itp> (bug #818180)
+ - skia <itp> (bug #1117470)
CVE-2017-0558 (An information disclosure vulnerability in Mediaserver could enable a ...)
NOT-FOR-US: Android Mediaserver
CVE-2017-0557 (An information disclosure vulnerability in libmpeg2 in Mediaserver cou ...)
@@ -656572,7 +656572,7 @@ CVE-2017-0550 (A remote denial of service vulnerability in libavc in Mediaserver
CVE-2017-0549 (A remote denial of service vulnerability in libavc in Mediaserver coul ...)
NOT-FOR-US: Android Mediaserver / libavc
CVE-2017-0548 (A remote denial of service vulnerability in libskia could enable an at ...)
- - skia <itp> (bug #818180)
+ - skia <itp> (bug #1117470)
CVE-2017-0547 (An information disclosure vulnerability in libmedia in Mediaserver cou ...)
NOT-FOR-US: Android Mediaserver
CVE-2017-0546 (An elevation of privilege vulnerability in SurfaceFlinger could enable ...)
@@ -666792,7 +666792,7 @@ CVE-2016-6703 (A remote code execution vulnerability in an Android runtime libra
CVE-2016-6702 (A remote code execution vulnerability in libjpeg in Android 4.x before ...)
- libjpeg-turbo <not-affected> (Android-specific patch, jpeg_open_backing_store in standard releases is just a stub)
CVE-2016-6701 (A remote code execution vulnerability in libskia in Android 7.0 before ...)
- - skia <itp> (bug #818180)
+ - skia <itp> (bug #1117470)
CVE-2016-6700 (An elevation of privilege vulnerability in libzipfile in Android 4.x b ...)
NOT-FOR-US: Android
CVE-2016-6699 (A remote code execution vulnerability in libstagefright in Mediaserver ...)
@@ -672630,7 +672630,7 @@ CVE-2016-5169 (Format string vulnerability in Google Chrome OS before 53.0.2785.
CVE-2016-5168 (Skia, as used in Google Chrome before 50.0.2661.94, allows remote atta ...)
- chromium-browser 50.0.2661.94-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
- - skia <itp> (bug #818180)
+ - skia <itp> (bug #1117470)
CVE-2016-5167 (Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785 ...)
{DSA-3660-1}
- chromium-browser 53.0.2785.89-1
@@ -694874,7 +694874,7 @@ CVE-2015-6619 (The kernel in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-
CVE-2015-6618 (Bluetooth in Android 4.4 and 5.x before 5.1.1 LMY48Z allows user-assis ...)
NOT-FOR-US: Android
CVE-2015-6617 (Skia, as used in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 ...)
- - skia <itp> (bug #818180)
+ - skia <itp> (bug #1117470)
CVE-2015-6616 (mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 a ...)
NOT-FOR-US: mediaserver in Android
CVE-2015-6615
@@ -741107,7 +741107,7 @@ CVE-2013-6649 (Use-after-free vulnerability in the RenderSVGImage::paint functio
- libv8-3.14 <removed> (unimportant; bug #773671)
NOTE: libv8 not covered by security support
CVE-2013-6648 (SkRegion::setPath in Skia allows remote attackers to cause a denial of ...)
- - skia <itp> (bug #818180)
+ - skia <itp> (bug #1117470)
CVE-2013-6647 (A use-after-free in AnimationController::endAnimationUpdate in Google ...)
- chromium-browser <not-affected> (According to upstream bug only affected interim version, not a stable release)
CVE-2013-6646 (Use-after-free vulnerability in the Web Workers implementation in Goog ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/974571915a7342dc9f384c702c7b4c88d2eabe0f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/974571915a7342dc9f384c702c7b4c88d2eabe0f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251013/03ee1620/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list