Preface: Yes, it is possible to develop an Android app using C++. While Java and Kotlin are the recommended languages for Android development. Many memory manipulation functions in C and C++ do not perform bounds checking and can easily overwrite the allocated bounds of the buffers they operate upon.
Background: Skia Graphics Library (SGL) is an open source graphics library written in C++. It was originally developed by Skia Company and was open sourced under the New BSD License after being acquired by Google. The first product developed by Skia is the Skia Graphics Library, which can render high-quality 2D graphics on low-end devices such as mobile phones. As of 2017, it is used in Android, Google Chrome, Chrome OS, Chromium OS, Mozilla Firefox, Firefox OS, and Sublime Text.
Vulnerability details: This vulnerability lead to remote code execution with no additional execution privileges needed. It is related to size overflow when allocating SkMask data.
Official announcement: Please see the link below for details –
https://source.android.com/docs/security/bulletin/2024-12-01