tags:integer_overflowITWchromeskia original link: CVE-2023-6345: Integer overflow in Skia MeshOp::onCombineIfPossible newsletter link:
Exploits Club Summary:
A new RCA on Googleâs 0-Days In The Wild was posted this week covering an int overflow in Skia. When combining twoÂ
MeshOps, there is a missing check to ensure thatÂint fVertexCount wonât overflow. Later this value is used in conjunction with others for allocation.