ASB-A-245135112

See a problem?

Import Source

https://storage.googleapis.com/android-osv/ASB-A-245135112.json

JSON Data

https://api.osv.dev/v1/vulns/ASB-A-245135112

Aliases

A-245135112
CVE-2023-35687

Published

2023-09-01T00:00:00Z

Modified

2026-04-17T15:55:28.020024Z

Summary

[none]

Details

In MtpPropertyValue of MtpProperty.h, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android

platform/frameworks/av

Package

Name: platform/frameworks/av

Affected ranges

Type: ECOSYSTEM
Events: Introduced

13-next:0

Fixed

13-next:2023-09-01

Affected versions

Other

13-next

Ecosystem specific

{
    "severity": "High",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/av/+/3afa6e80e8568fe63f893fa354bc79ef91d3dcc0"
    ],
    "spl": "2023-09-01",
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/3afa6e80e8568fe63f893fa354bc79ef91d3dcc0",
            "target": {
                "file": "media/mtp/MtpProperty.h"
            },
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "49440150004597398374299339656218450864",
                    "135677111807147160386708736057925333638",
                    "202537571553025539675748916310275647158",
                    "296972742206731287151675506359443186515"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "ASB-A-245135112-0858d31e"
        }
    ],
    "types": [
        "EoP"
    ]
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-245135112.json"

platform/frameworks/av

Package

Name: platform/frameworks/av

Affected ranges

Type: ECOSYSTEM
Events: Introduced

11:0

Fixed

11:2023-09-01

Affected versions

Other

Ecosystem specific

{
    "severity": "High",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/av/+/d44311374e41a26b28db56794c9a7890a13a6972"
    ],
    "spl": "2023-09-01",
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/d44311374e41a26b28db56794c9a7890a13a6972",
            "target": {
                "file": "media/mtp/MtpProperty.h"
            },
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "49440150004597398374299339656218450864",
                    "135677111807147160386708736057925333638",
                    "202537571553025539675748916310275647158",
                    "296972742206731287151675506359443186515"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "ASB-A-245135112-c2c06a9e"
        }
    ],
    "types": [
        "EoP"
    ]
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-245135112.json"

platform/frameworks/av

Package

Name: platform/frameworks/av

Affected ranges

Type: ECOSYSTEM
Events: Introduced

12:0

Fixed

12:2023-09-01

Affected versions

Other

Ecosystem specific

{
    "severity": "High",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/av/+/c138d20635694857754f2b7de2342089de13d556"
    ],
    "spl": "2023-09-01",
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/c138d20635694857754f2b7de2342089de13d556",
            "target": {
                "file": "media/mtp/MtpProperty.h"
            },
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "49440150004597398374299339656218450864",
                    "135677111807147160386708736057925333638",
                    "202537571553025539675748916310275647158",
                    "296972742206731287151675506359443186515"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "ASB-A-245135112-b87de1b5"
        }
    ],
    "types": [
        "EoP"
    ]
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-245135112.json"

platform/frameworks/av

Package

Name: platform/frameworks/av

Affected ranges

Type: ECOSYSTEM
Events: Introduced

12L:0

Fixed

12L:2023-09-01

Affected versions

Other

12L

Ecosystem specific

{
    "severity": "High",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/av/+/5825299cf697df203ce42f67f741731b97f96071"
    ],
    "spl": "2023-09-01",
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/5825299cf697df203ce42f67f741731b97f96071",
            "target": {
                "file": "media/mtp/MtpProperty.h"
            },
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "49440150004597398374299339656218450864",
                    "135677111807147160386708736057925333638",
                    "202537571553025539675748916310275647158",
                    "296972742206731287151675506359443186515"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "ASB-A-245135112-cbf2e1fd"
        }
    ],
    "types": [
        "EoP"
    ]
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-245135112.json"

platform/frameworks/av

Package

Name: platform/frameworks/av

Affected ranges

Type: ECOSYSTEM
Events: Introduced

13:0

Fixed

13:2023-09-01

Affected versions

Other

Ecosystem specific

{
    "severity": "High",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/av/+/99d0823ca2b8275f000a437150fb8d1938b1b31a"
    ],
    "spl": "2023-09-01",
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/99d0823ca2b8275f000a437150fb8d1938b1b31a",
            "target": {
                "file": "media/mtp/MtpProperty.h"
            },
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "49440150004597398374299339656218450864",
                    "135677111807147160386708736057925333638",
                    "202537571553025539675748916310275647158",
                    "296972742206731287151675506359443186515"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "ASB-A-245135112-96b0935d"
        }
    ],
    "types": [
        "EoP"
    ]
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-245135112.json"