In checkSpsUpdated of AAVCAssembler.cpp, there is a possible out-of-bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Devices at a security patch level of 2022-02-01 or later include the fix referenced in the record below.
{ "types": [ "ID" ], "severity": "High", "vanir_signatures": [ { "digest": { "function_hash": "69447002832914259517445382002834504670", "length": 404.0 }, "signature_version": "v1", "source": "https://android.googlesource.com/platform/frameworks/av/+/cc538ed26803328445d52383f91025b357cda47d", "deprecated": false, "id": "ASB-A-204077881-15210b66", "signature_type": "Function", "target": { "file": "media/libstagefright/rtsp/AAVCAssembler.cpp", "function": "AAVCAssembler::checkSpsUpdated" } }, { "digest": { "threshold": 0.9, "line_hashes": [ "329137829467727028975304135906492061630", "91765238030631839877653982970183501961", "78904361420780750818517263595879144632", "25371881439428296618679050946846425773" ] }, "signature_version": "v1", "source": "https://android.googlesource.com/platform/frameworks/av/+/cc538ed26803328445d52383f91025b357cda47d", "deprecated": false, "id": "ASB-A-204077881-e937756a", "signature_type": "Line", "target": { "file": "media/libstagefright/rtsp/AAVCAssembler.cpp" } } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/av/+/cc538ed26803328445d52383f91025b357cda47d" ], "spl": "2022-02-01" }