EIP-2026-103651

PRE-CVE

Skia - Incorrect Convexity Assumptions Leading to Buffer Overflows

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103651. PoCs published by Google Security Research.

AI-analyzed exploit summary: This PoC demonstrates a stack out-of-bounds write in Skia due to incorrect convexity attribute handling after affine transformations, leading to memory corruption. The exploit leverages precision errors in RRect generation and transformation to trigger the vulnerability.

Description

Skia - Incorrect Convexity Assumptions Leading to Buffer Overflows

Exploits (1)

exploitdb WORKING POC VERIFIED
by Google Security Research · text · dos · multiple
https://www.exploit-db.com/exploits/46332

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Skia (Chromium component)
No auth needed
Prerequisites: Target system with vulnerable Skia version
devstral-2 · analyzed Feb 16, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026