{"id":"ASB-A-388480622", "published":"2025-04-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2025-26416", "A-388480622"], "details":"In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/external/skia", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"15-next:0"}, {"fixed":"15-next:2025-04-01"}]}], "versions":["15-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/skia/+/bfae9080f53da925d53c24537e901a5015aa9311"], "severity":"Critical", "spl":"2025-04-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"177561997836789650145611253905413223099", "length":549}, "id":"ASB-A-388480622-095f111b", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/skia/+/bfae9080f53da925d53c24537e901a5015aa9311", "target":{"file":"src/codec/SkBmpStandardCodec.cpp", "function":"SkBmpStandardCodec::initializeSwizzler"}}, {"deprecated":false, "digest":{"line_hashes":["286849986559465055291989942090731074382", "52764690829941560468026037836866162379", "113349593332524221481260156528832118053", "78828537805330186747886145317844987192"], "threshold":0.9}, "id":"ASB-A-388480622-dba6be3b", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/skia/+/bfae9080f53da925d53c24537e901a5015aa9311", "target":{"file":"src/codec/SkBmpStandardCodec.cpp"}}]}}, {"package":{"name":"platform/external/skia", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"15:0"}, {"fixed":"15:2025-04-01"}]}], "versions":["15"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/skia/+/bfae9080f53da925d53c24537e901a5015aa9311"], "severity":"Critical", "spl":"2025-04-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["286849986559465055291989942090731074382", "52764690829941560468026037836866162379", "113349593332524221481260156528832118053", "78828537805330186747886145317844987192"], "threshold":0.9}, "id":"ASB-A-388480622-4f2393fe", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/skia/+/bfae9080f53da925d53c24537e901a5015aa9311", "target":{"file":"src/codec/SkBmpStandardCodec.cpp"}}, {"deprecated":false, "digest":{"function_hash":"177561997836789650145611253905413223099", "length":549}, "id":"ASB-A-388480622-bc9521d9", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/skia/+/bfae9080f53da925d53c24537e901a5015aa9311", "target":{"file":"src/codec/SkBmpStandardCodec.cpp", "function":"SkBmpStandardCodec::initializeSwizzler"}}]}}, {"package":{"name":"platform/external/skia", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2025-04-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/skia/+/d44bab0332f621d653fc398243e287f290fc0c24"], "severity":"Critical", "spl":"2025-04-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"177561997836789650145611253905413223099", "length":549}, "id":"ASB-A-388480622-5379d2f2", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/skia/+/d44bab0332f621d653fc398243e287f290fc0c24", "target":{"file":"src/codec/SkBmpStandardCodec.cpp", "function":"SkBmpStandardCodec::initializeSwizzler"}}, {"deprecated":false, "digest":{"line_hashes":["286849986559465055291989942090731074382", "52764690829941560468026037836866162379", "113349593332524221481260156528832118053", "78828537805330186747886145317844987192"], "threshold":0.9}, "id":"ASB-A-388480622-f8972a36", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/skia/+/d44bab0332f621d653fc398243e287f290fc0c24", "target":{"file":"src/codec/SkBmpStandardCodec.cpp"}}]}}, {"package":{"name":"platform/external/skia", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14:0"}, {"fixed":"14:2025-04-01"}]}], "versions":["14"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/skia/+/c58deb210e62cf57de91b0eb8844b782fc774135"], "severity":"Critical", "spl":"2025-04-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["286849986559465055291989942090731074382", "52764690829941560468026037836866162379", "113349593332524221481260156528832118053", "78828537805330186747886145317844987192"], "threshold":0.9}, "id":"ASB-A-388480622-b1904a95", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/skia/+/c58deb210e62cf57de91b0eb8844b782fc774135", "target":{"file":"src/codec/SkBmpStandardCodec.cpp"}}, {"deprecated":false, "digest":{"function_hash":"177561997836789650145611253905413223099", "length":549}, "id":"ASB-A-388480622-ba5dc137", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/skia/+/c58deb210e62cf57de91b0eb8844b782fc774135", "target":{"file":"src/codec/SkBmpStandardCodec.cpp", "function":"SkBmpStandardCodec::initializeSwizzler"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2025-04-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/external/skia/+/fc2ebb312c5898486776df981a51c2bb90e3756d"}]}