EIP-2026-103652

PRE-CVE

Skia Graphics Library - Heap Overflow due to Rounding Error in SkEdge::setLine

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103652. PoCs published by Google Security Research.

AI-analyzed exploit summary This PoC demonstrates a heap overflow in Skia's SkARGB32_Shader_Blitter::blitH due to a rounding error in SkEdge::setLine. It triggers the vulnerability by drawing a specific path with a gradient shader, leading to a heap-buffer-overflow as confirmed by AddressSanitizer.

Description

Skia Graphics Library - Heap Overflow due to Rounding Error in SkEdge::setLine

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · cdosmultiple

https://www.exploit-db.com/exploits/42070

View Code ZIP pw:eip

This PoC demonstrates a heap overflow in Skia's SkARGB32_Shader_Blitter::blitH due to a rounding error in SkEdge::setLine. It triggers the vulnerability by drawing a specific path with a gradient shader, leading to a heap-buffer-overflow as confirmed by AddressSanitizer.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Skia (with SK_RASTERIZE_EVEN_ROUNDING enabled, e.g., Mozilla Firefox)

No auth needed

Prerequisites: Skia compiled with SK_RASTERIZE_EVEN_ROUNDING

MITRE ATT&CK

T1211 - Exploitation for Defense Evasion

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026