ASB-A-230630526
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-230630526.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-230630526
- Aliases
-
- A-230630526
- CVE-2023-20948
- Published
- 2023-02-01T00:00:00Z
- Modified
- 2026-04-21T15:25:42.831358Z
- Summary
- [none]
- Details
-
In dropFramesUntilIframe of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/av
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"212379021873874381798247829236382160182",
"66417754514263419850213442380152917103",
"83815358669303451646456030079685590824",
"257864817666391178255675542568251582396",
"263069363621899467718590819386129818171",
"157817403914038502428079643464892840091",
"101333980791625609406177382456945136167",
"59797745874716954063490402646915308687",
"7474857098925625077232707478489679628"
]
},
"id": "ASB-A-230630526-6588bcea",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919",
"target": {
"file": "media/libstagefright/rtsp/AAVCAssembler.cpp"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"140770239503625695064828509019799832477",
"65151910557162486066798864813844158243",
"307790884070244291519980776556995421879",
"53843108038709408261758986378788463147",
"291643098195140441343962701386998301660",
"222376076498018654343369208564744225737",
"116942000878267325333699752797775468688",
"10740280627826607411568439716866325047",
"251084557062795462069238240176517221836",
"66320444299511471936883387867503732979",
"85860989143724487160794368716943060739",
"251389852599537295098525343765117788487"
]
},
"id": "ASB-A-230630526-71b5dc24",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919",
"target": {
"file": "media/libstagefright/rtsp/AHEVCAssembler.cpp"
}
},
{
"digest": {
"length": 719.0,
"function_hash": "308027462454203152321871474735483761019"
},
"id": "ASB-A-230630526-76d7bdfa",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919",
"target": {
"function": "AAVCAssembler::pickStartSeq",
"file": "media/libstagefright/rtsp/AAVCAssembler.cpp"
}
},
{
"digest": {
"length": 613.0,
"function_hash": "56722316515367879950337906555341498064"
},
"id": "ASB-A-230630526-9f401594",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919",
"target": {
"function": "AHEVCAssembler::pickStartSeq",
"file": "media/libstagefright/rtsp/AHEVCAssembler.cpp"
}
},
{
"digest": {
"length": 227.0,
"function_hash": "265553517352856004442905162954785064259"
},
"id": "ASB-A-230630526-b8e9844b",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919",
"target": {
"function": "AAVCAssembler::dropFramesUntilIframe",
"file": "media/libstagefright/rtsp/AAVCAssembler.cpp"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919"
],
"types": [
"ID"
],
"spl": "2023-02-01",
"severity": "High"
}
Android / platform/frameworks/av
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 719.0,
"function_hash": "308027462454203152321871474735483761019"
},
"id": "ASB-A-230630526-81b58407",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919",
"target": {
"function": "AAVCAssembler::pickStartSeq",
"file": "media/libstagefright/rtsp/AAVCAssembler.cpp"
}
},
{
"digest": {
"length": 227.0,
"function_hash": "265553517352856004442905162954785064259"
},
"id": "ASB-A-230630526-8f5b16b6",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919",
"target": {
"function": "AAVCAssembler::dropFramesUntilIframe",
"file": "media/libstagefright/rtsp/AAVCAssembler.cpp"
}
},
{
"digest": {
"length": 613.0,
"function_hash": "56722316515367879950337906555341498064"
},
"id": "ASB-A-230630526-8f931b76",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919",
"target": {
"function": "AHEVCAssembler::pickStartSeq",
"file": "media/libstagefright/rtsp/AHEVCAssembler.cpp"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"212379021873874381798247829236382160182",
"66417754514263419850213442380152917103",
"83815358669303451646456030079685590824",
"257864817666391178255675542568251582396",
"263069363621899467718590819386129818171",
"157817403914038502428079643464892840091",
"101333980791625609406177382456945136167",
"59797745874716954063490402646915308687",
"7474857098925625077232707478489679628"
]
},
"id": "ASB-A-230630526-ae615258",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919",
"target": {
"file": "media/libstagefright/rtsp/AAVCAssembler.cpp"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"140770239503625695064828509019799832477",
"65151910557162486066798864813844158243",
"307790884070244291519980776556995421879",
"53843108038709408261758986378788463147",
"291643098195140441343962701386998301660",
"222376076498018654343369208564744225737",
"116942000878267325333699752797775468688",
"10740280627826607411568439716866325047",
"251084557062795462069238240176517221836",
"66320444299511471936883387867503732979",
"85860989143724487160794368716943060739",
"251389852599537295098525343765117788487"
]
},
"id": "ASB-A-230630526-c58965bb",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919",
"target": {
"file": "media/libstagefright/rtsp/AHEVCAssembler.cpp"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919"
],
"types": [
"ID"
],
"spl": "2023-02-01",
"severity": "High"
}
Android / platform/frameworks/av
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"140770239503625695064828509019799832477",
"65151910557162486066798864813844158243",
"307790884070244291519980776556995421879",
"53843108038709408261758986378788463147",
"291643098195140441343962701386998301660",
"222376076498018654343369208564744225737",
"116942000878267325333699752797775468688",
"10740280627826607411568439716866325047",
"251084557062795462069238240176517221836",
"66320444299511471936883387867503732979",
"85860989143724487160794368716943060739",
"251389852599537295098525343765117788487"
]
},
"id": "ASB-A-230630526-117ea795",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919",
"target": {
"file": "media/libstagefright/rtsp/AHEVCAssembler.cpp"
}
},
{
"digest": {
"length": 613.0,
"function_hash": "56722316515367879950337906555341498064"
},
"id": "ASB-A-230630526-562f81c9",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919",
"target": {
"function": "AHEVCAssembler::pickStartSeq",
"file": "media/libstagefright/rtsp/AHEVCAssembler.cpp"
}
},
{
"digest": {
"length": 227.0,
"function_hash": "265553517352856004442905162954785064259"
},
"id": "ASB-A-230630526-9a815441",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919",
"target": {
"function": "AAVCAssembler::dropFramesUntilIframe",
"file": "media/libstagefright/rtsp/AAVCAssembler.cpp"
}
},
{
"digest": {
"length": 719.0,
"function_hash": "308027462454203152321871474735483761019"
},
"id": "ASB-A-230630526-ce723218",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919",
"target": {
"function": "AAVCAssembler::pickStartSeq",
"file": "media/libstagefright/rtsp/AAVCAssembler.cpp"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"212379021873874381798247829236382160182",
"66417754514263419850213442380152917103",
"83815358669303451646456030079685590824",
"257864817666391178255675542568251582396",
"263069363621899467718590819386129818171",
"157817403914038502428079643464892840091",
"101333980791625609406177382456945136167",
"59797745874716954063490402646915308687",
"7474857098925625077232707478489679628"
]
},
"id": "ASB-A-230630526-d583668b",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919",
"target": {
"file": "media/libstagefright/rtsp/AAVCAssembler.cpp"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919"
],
"types": [
"ID"
],
"spl": "2023-02-01",
"severity": "High"
}