CVE-2024-43097
thunderbird - security update
CVSS 3.1 base score: 7.8 (HIGH)
EPSS: 0.91%
Description
In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
How to fix CVE-2024-43097
To remediate CVE-2024-43097, upgrade the affected package to a fixed version below.
- Debian/firefox-esr: upgrade to 128.8.0esr-1~deb11u1 or later
- —upgrade to 128.8.0esr-1~deb11u1 or later
- —upgrade to 128.8.0esr-1~deb12u1 or later
- —upgrade to 1:128.8.0esr-1~deb11u1 or later
- —upgrade to 1:128.8.0esr-1~deb11u1 or later
- —upgrade to 1:128.8.0esr-1~deb12u1 or later
Is CVE-2024-43097 being exploited?
Low — EPSS is 0.9%, meaning exploitation activity has not been observed at scale.
Affected packages (6)
- from 0, < 128.8.0esr-1~deb11u1
- from 0, < 128.8.0esr-1~deb11u1
- from 0, < 128.8.0esr-1~deb12u1
- from 0, < 1:128.8.0esr-1~deb11u1
- from 0, < 1:128.8.0esr-1~deb11u1
- from 0, < 1:128.8.0esr-1~deb12u1
CVSS scores
| Source | CVSS version | Severity | Score | Vector |
|---|---|---|---|---|
| osv | CVSS 3.1 | HIGH | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |