ASB-A-275418191

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-275418191.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-275418191
Aliases
Published
2023-06-01T00:00:00Z
Modified
2026-04-17T15:55:28.020024Z
Summary
[none]
Details

In readSampleData of NuMediaExtractor.cpp, there is a possible out of bounds write due to uninitialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.

References

Affected packages

Android
platform/frameworks/av

Package

Name
platform/frameworks/av

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13-next:0
Fixed
13-next:2023-06-01

Affected versions

Other
13-next

Ecosystem specific 

{
    "types": [
        "RCE"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/av/+/943fc12219b21d2a98f0ddc070b9b316a6f5d412"
    ],
    "severity": "Critical",
    "vanir_signatures": [
        {
            "source": "https://android.googlesource.com/platform/frameworks/av/+/943fc12219b21d2a98f0ddc070b9b316a6f5d412",
            "target": {
                "file": "media/libstagefright/NuMediaExtractor.cpp",
                "function": "NuMediaExtractor::appendVorbisNumPageSamples"
            },
            "deprecated": false,
            "signature_type": "Function",
            "id": "ASB-A-275418191-ad6cb47a",
            "signature_version": "v1",
            "digest": {
                "function_hash": "256305904202997360665992662178442636647",
                "length": 1208.0
            }
        },
        {
            "source": "https://android.googlesource.com/platform/frameworks/av/+/943fc12219b21d2a98f0ddc070b9b316a6f5d412",
            "target": {
                "file": "media/libstagefright/NuMediaExtractor.cpp",
                "function": "NuMediaExtractor::readSampleData"
            },
            "deprecated": false,
            "signature_type": "Function",
            "id": "ASB-A-275418191-d2873602",
            "signature_version": "v1",
            "digest": {
                "function_hash": "187534784423043132727814070735583040318",
                "length": 799.0
            }
        },
        {
            "source": "https://android.googlesource.com/platform/frameworks/av/+/943fc12219b21d2a98f0ddc070b9b316a6f5d412",
            "target": {
                "file": "media/libstagefright/NuMediaExtractor.cpp"
            },
            "deprecated": false,
            "signature_type": "Line",
            "id": "ASB-A-275418191-ee320fb9",
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "283217741136541281662020523354178829598",
                    "185546205597131107083701168944001137751",
                    "175932367583564604799062484674933857763",
                    "137845207249137899784704001335788762489",
                    "298198521707984461963266084020664636486",
                    "161637793484050339150122244137750521431",
                    "23407221044265165971680590599441091402",
                    "185968861969003845347730508463039992433",
                    "62256047970286530211870936170771590070",
                    "38039659121007000054133227695071658555",
                    "4716636295578313303102259672829176470",
                    "237662365700516168864270773840182596068",
                    "318143005539248426702385773713687341284",
                    "207781726756524367263454835582474334957",
                    "230291368270224380033698909882736336239",
                    "159010559817431969426902154839361420510",
                    "24542478645988523278336721448569127612",
                    "120504561171381327933606515652055322692",
                    "315201648281665755375307479475525822987",
                    "53278902239985992418014447409454208907",
                    "178356102237246945926629792767744911517",
                    "184561256215240336210796048022941283157",
                    "260858617001690435747135531195032942371",
                    "199957772064564005832259788587295138457",
                    "328681620858005784177964507345755534711",
                    "311465027644127185633929173203381653564"
                ]
            }
        }
    ],
    "spl": "2023-06-01"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-275418191.json"
platform/frameworks/av

Package

Name
platform/frameworks/av

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2023-06-01

Affected versions

Other
11

Ecosystem specific 

{
    "types": [
        "RCE"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/av/+/84c69bca81175feb2fd97ebb22e432ee41572786"
    ],
    "severity": "Critical",
    "vanir_signatures": [
        {
            "source": "https://android.googlesource.com/platform/frameworks/av/+/84c69bca81175feb2fd97ebb22e432ee41572786",
            "target": {
                "file": "media/libstagefright/NuMediaExtractor.cpp"
            },
            "deprecated": false,
            "signature_type": "Line",
            "id": "ASB-A-275418191-0eb0b30e",
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "283217741136541281662020523354178829598",
                    "185546205597131107083701168944001137751",
                    "175932367583564604799062484674933857763",
                    "137845207249137899784704001335788762489",
                    "298198521707984461963266084020664636486",
                    "161637793484050339150122244137750521431",
                    "23407221044265165971680590599441091402",
                    "185968861969003845347730508463039992433",
                    "62256047970286530211870936170771590070",
                    "38039659121007000054133227695071658555",
                    "4716636295578313303102259672829176470",
                    "237662365700516168864270773840182596068",
                    "318143005539248426702385773713687341284",
                    "207781726756524367263454835582474334957",
                    "230291368270224380033698909882736336239",
                    "159010559817431969426902154839361420510",
                    "24542478645988523278336721448569127612",
                    "120504561171381327933606515652055322692",
                    "315201648281665755375307479475525822987",
                    "53278902239985992418014447409454208907",
                    "178356102237246945926629792767744911517",
                    "184561256215240336210796048022941283157",
                    "260858617001690435747135531195032942371",
                    "199957772064564005832259788587295138457",
                    "328681620858005784177964507345755534711",
                    "311465027644127185633929173203381653564"
                ]
            }
        },
        {
            "source": "https://android.googlesource.com/platform/frameworks/av/+/84c69bca81175feb2fd97ebb22e432ee41572786",
            "target": {
                "file": "media/libstagefright/NuMediaExtractor.cpp",
                "function": "NuMediaExtractor::appendVorbisNumPageSamples"
            },
            "deprecated": false,
            "signature_type": "Function",
            "id": "ASB-A-275418191-d54bcb11",
            "signature_version": "v1",
            "digest": {
                "function_hash": "256305904202997360665992662178442636647",
                "length": 1208.0
            }
        },
        {
            "source": "https://android.googlesource.com/platform/frameworks/av/+/84c69bca81175feb2fd97ebb22e432ee41572786",
            "target": {
                "file": "media/libstagefright/NuMediaExtractor.cpp",
                "function": "NuMediaExtractor::readSampleData"
            },
            "deprecated": false,
            "signature_type": "Function",
            "id": "ASB-A-275418191-fb0e251d",
            "signature_version": "v1",
            "digest": {
                "function_hash": "187534784423043132727814070735583040318",
                "length": 799.0
            }
        }
    ],
    "spl": "2023-06-01"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-275418191.json"
platform/frameworks/av

Package

Name
platform/frameworks/av

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2023-06-01

Affected versions

Other
12

Ecosystem specific 

{
    "types": [
        "RCE"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/av/+/84c69bca81175feb2fd97ebb22e432ee41572786"
    ],
    "severity": "Critical",
    "vanir_signatures": [
        {
            "source": "https://android.googlesource.com/platform/frameworks/av/+/84c69bca81175feb2fd97ebb22e432ee41572786",
            "target": {
                "file": "media/libstagefright/NuMediaExtractor.cpp",
                "function": "NuMediaExtractor::readSampleData"
            },
            "deprecated": false,
            "signature_type": "Function",
            "id": "ASB-A-275418191-42eb24ac",
            "signature_version": "v1",
            "digest": {
                "function_hash": "187534784423043132727814070735583040318",
                "length": 799.0
            }
        },
        {
            "source": "https://android.googlesource.com/platform/frameworks/av/+/84c69bca81175feb2fd97ebb22e432ee41572786",
            "target": {
                "file": "media/libstagefright/NuMediaExtractor.cpp",
                "function": "NuMediaExtractor::appendVorbisNumPageSamples"
            },
            "deprecated": false,
            "signature_type": "Function",
            "id": "ASB-A-275418191-92bb2c77",
            "signature_version": "v1",
            "digest": {
                "function_hash": "256305904202997360665992662178442636647",
                "length": 1208.0
            }
        },
        {
            "source": "https://android.googlesource.com/platform/frameworks/av/+/84c69bca81175feb2fd97ebb22e432ee41572786",
            "target": {
                "file": "media/libstagefright/NuMediaExtractor.cpp"
            },
            "deprecated": false,
            "signature_type": "Line",
            "id": "ASB-A-275418191-ee6c4a05",
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "283217741136541281662020523354178829598",
                    "185546205597131107083701168944001137751",
                    "175932367583564604799062484674933857763",
                    "137845207249137899784704001335788762489",
                    "298198521707984461963266084020664636486",
                    "161637793484050339150122244137750521431",
                    "23407221044265165971680590599441091402",
                    "185968861969003845347730508463039992433",
                    "62256047970286530211870936170771590070",
                    "38039659121007000054133227695071658555",
                    "4716636295578313303102259672829176470",
                    "237662365700516168864270773840182596068",
                    "318143005539248426702385773713687341284",
                    "207781726756524367263454835582474334957",
                    "230291368270224380033698909882736336239",
                    "159010559817431969426902154839361420510",
                    "24542478645988523278336721448569127612",
                    "120504561171381327933606515652055322692",
                    "315201648281665755375307479475525822987",
                    "53278902239985992418014447409454208907",
                    "178356102237246945926629792767744911517",
                    "184561256215240336210796048022941283157",
                    "260858617001690435747135531195032942371",
                    "199957772064564005832259788587295138457",
                    "328681620858005784177964507345755534711",
                    "311465027644127185633929173203381653564"
                ]
            }
        }
    ],
    "spl": "2023-06-01"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-275418191.json"
platform/frameworks/av

Package

Name
platform/frameworks/av

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2023-06-01

Affected versions

Other
12L

Ecosystem specific 

{
    "types": [
        "RCE"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/av/+/84c69bca81175feb2fd97ebb22e432ee41572786"
    ],
    "severity": "Critical",
    "vanir_signatures": [
        {
            "source": "https://android.googlesource.com/platform/frameworks/av/+/84c69bca81175feb2fd97ebb22e432ee41572786",
            "target": {
                "file": "media/libstagefright/NuMediaExtractor.cpp"
            },
            "deprecated": false,
            "signature_type": "Line",
            "id": "ASB-A-275418191-2eca2cb5",
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "283217741136541281662020523354178829598",
                    "185546205597131107083701168944001137751",
                    "175932367583564604799062484674933857763",
                    "137845207249137899784704001335788762489",
                    "298198521707984461963266084020664636486",
                    "161637793484050339150122244137750521431",
                    "23407221044265165971680590599441091402",
                    "185968861969003845347730508463039992433",
                    "62256047970286530211870936170771590070",
                    "38039659121007000054133227695071658555",
                    "4716636295578313303102259672829176470",
                    "237662365700516168864270773840182596068",
                    "318143005539248426702385773713687341284",
                    "207781726756524367263454835582474334957",
                    "230291368270224380033698909882736336239",
                    "159010559817431969426902154839361420510",
                    "24542478645988523278336721448569127612",
                    "120504561171381327933606515652055322692",
                    "315201648281665755375307479475525822987",
                    "53278902239985992418014447409454208907",
                    "178356102237246945926629792767744911517",
                    "184561256215240336210796048022941283157",
                    "260858617001690435747135531195032942371",
                    "199957772064564005832259788587295138457",
                    "328681620858005784177964507345755534711",
                    "311465027644127185633929173203381653564"
                ]
            }
        },
        {
            "source": "https://android.googlesource.com/platform/frameworks/av/+/84c69bca81175feb2fd97ebb22e432ee41572786",
            "target": {
                "file": "media/libstagefright/NuMediaExtractor.cpp",
                "function": "NuMediaExtractor::appendVorbisNumPageSamples"
            },
            "deprecated": false,
            "signature_type": "Function",
            "id": "ASB-A-275418191-a7f17e19",
            "signature_version": "v1",
            "digest": {
                "function_hash": "256305904202997360665992662178442636647",
                "length": 1208.0
            }
        },
        {
            "source": "https://android.googlesource.com/platform/frameworks/av/+/84c69bca81175feb2fd97ebb22e432ee41572786",
            "target": {
                "file": "media/libstagefright/NuMediaExtractor.cpp",
                "function": "NuMediaExtractor::readSampleData"
            },
            "deprecated": false,
            "signature_type": "Function",
            "id": "ASB-A-275418191-fc382e65",
            "signature_version": "v1",
            "digest": {
                "function_hash": "187534784423043132727814070735583040318",
                "length": 799.0
            }
        }
    ],
    "spl": "2023-06-01"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-275418191.json"
platform/frameworks/av

Package

Name
platform/frameworks/av

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2023-06-01

Affected versions

Other
13

Ecosystem specific 

{
    "types": [
        "RCE"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/av/+/84c69bca81175feb2fd97ebb22e432ee41572786"
    ],
    "severity": "Critical",
    "vanir_signatures": [
        {
            "source": "https://android.googlesource.com/platform/frameworks/av/+/84c69bca81175feb2fd97ebb22e432ee41572786",
            "target": {
                "file": "media/libstagefright/NuMediaExtractor.cpp"
            },
            "deprecated": false,
            "signature_type": "Line",
            "id": "ASB-A-275418191-119bb86c",
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "283217741136541281662020523354178829598",
                    "185546205597131107083701168944001137751",
                    "175932367583564604799062484674933857763",
                    "137845207249137899784704001335788762489",
                    "298198521707984461963266084020664636486",
                    "161637793484050339150122244137750521431",
                    "23407221044265165971680590599441091402",
                    "185968861969003845347730508463039992433",
                    "62256047970286530211870936170771590070",
                    "38039659121007000054133227695071658555",
                    "4716636295578313303102259672829176470",
                    "237662365700516168864270773840182596068",
                    "318143005539248426702385773713687341284",
                    "207781726756524367263454835582474334957",
                    "230291368270224380033698909882736336239",
                    "159010559817431969426902154839361420510",
                    "24542478645988523278336721448569127612",
                    "120504561171381327933606515652055322692",
                    "315201648281665755375307479475525822987",
                    "53278902239985992418014447409454208907",
                    "178356102237246945926629792767744911517",
                    "184561256215240336210796048022941283157",
                    "260858617001690435747135531195032942371",
                    "199957772064564005832259788587295138457",
                    "328681620858005784177964507345755534711",
                    "311465027644127185633929173203381653564"
                ]
            }
        },
        {
            "source": "https://android.googlesource.com/platform/frameworks/av/+/84c69bca81175feb2fd97ebb22e432ee41572786",
            "target": {
                "file": "media/libstagefright/NuMediaExtractor.cpp",
                "function": "NuMediaExtractor::readSampleData"
            },
            "deprecated": false,
            "signature_type": "Function",
            "id": "ASB-A-275418191-11a20f9b",
            "signature_version": "v1",
            "digest": {
                "function_hash": "187534784423043132727814070735583040318",
                "length": 799.0
            }
        },
        {
            "source": "https://android.googlesource.com/platform/frameworks/av/+/84c69bca81175feb2fd97ebb22e432ee41572786",
            "target": {
                "file": "media/libstagefright/NuMediaExtractor.cpp",
                "function": "NuMediaExtractor::appendVorbisNumPageSamples"
            },
            "deprecated": false,
            "signature_type": "Function",
            "id": "ASB-A-275418191-c374bc8c",
            "signature_version": "v1",
            "digest": {
                "function_hash": "256305904202997360665992662178442636647",
                "length": 1208.0
            }
        }
    ],
    "spl": "2023-06-01"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-275418191.json"