ASB-A-281665050
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-281665050.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-281665050
- Aliases
-
- A-281665050
- CVE-2023-40137
- Published
- 2025-02-01T00:00:00Z
- Modified
- 2026-04-27T15:40:08.012512Z
- Summary
- [none]
- Details
-
In createDatasetItems of DialogFillUi.java, there is a possible way to view another user's image. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"target": {
"file": "services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java"
},
"id": "ASB-A-281665050-06445f7a",
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"152706124914265209826722211813105497440",
"122457438830031755697776489763091500155",
"9557648870503328618362177008065891024",
"21424190766785613237481844130356205668",
"318743049332437221904056720756700357292",
"19494396699293671953931356471127301788",
"125685506690105876920915180744054100445",
"193060436326013056668025233908441392097",
"45525861848201633409686579962243666914",
"247171390140834564838122080548466479325",
"11417974425339281741084590764620266974",
"63675271650473437443478445002199682738",
"337643276294840670681719171796552205364",
"120308007170846405930104003764350781053",
"110491743816707019839998419656968232453",
"290369119132319450297915760482112743456",
"318831208973307593363994768019606516553",
"118585930299939295491472408901765825976"
]
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78"
},
{
"target": {
"function": "applyCustomDescription",
"file": "services/autofill/java/com/android/server/autofill/ui/SaveUi.java"
},
"id": "ASB-A-281665050-4124815a",
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "110995354895912650465302359732992851334",
"length": 3696.0
},
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78"
},
{
"target": {
"function": "initialAuthenticationLayout",
"file": "services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java"
},
"id": "ASB-A-281665050-6438f6a0",
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "49532191195551615746744837755912801092",
"length": 754.0
},
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78"
},
{
"target": {
"file": "services/autofill/java/com/android/server/autofill/ui/FillUi.java"
},
"id": "ASB-A-281665050-77854c22",
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"70384187207969473467724071990317729398",
"320418546227076084465594181217435078892",
"139034975296227356350451546793061696188",
"198840029242654939539433467117586934531",
"313245536086977364838236582966126120156",
"9821241575628344625617058172907797661",
"84864080468086762366722034388010268348",
"321713212781640076910098641929018121181",
"60835553322294116645322918846401089571",
"194254830192584495059033577937727898134",
"147075656553749944497531376143451541327",
"11224255276186999251427813799537284016",
"190000541700740439308365212289947348130"
]
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78"
},
{
"target": {
"function": "FillUi",
"file": "services/autofill/java/com/android/server/autofill/ui/FillUi.java"
},
"id": "ASB-A-281665050-80fd7a71",
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "31646391903980341277154471442477253944",
"length": 6510.0
},
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78"
},
{
"target": {
"file": "services/autofill/java/com/android/server/autofill/ui/SaveUi.java"
},
"id": "ASB-A-281665050-a53a4b64",
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"148303161279659643660660451501034279234",
"125883638802437311423689325172088876430",
"68109407143103339498063405506151933519",
"141851605057521366089072764562061264673"
]
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78"
},
{
"target": {
"file": "services/autofill/java/com/android/server/autofill/Helper.java"
},
"id": "ASB-A-281665050-ad39c60e",
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"195550187764114165661677033491385867525",
"207939012160879388942929324645558281641",
"197882718764834178866649541080794831380",
"239233852245253813103569443623407063279",
"44698807005793972678540295405764893919",
"21183059188807409401714516310665780128",
"300048194628243201263727493046361281547",
"303844278245018911624601514776114041871",
"229695913011207263233075675270896549026",
"55169701512537227256118636456135333684",
"198388733492753553705907241123091591212",
"304920987658179113312826479999607115028",
"269055928370450172860520757506759510794",
"237757000885932752970060260599884987089",
"33379483823330199745001603645193499184"
]
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78"
},
{
"target": {
"function": "createDatasetItems",
"file": "services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java"
},
"id": "ASB-A-281665050-e69baae4",
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "14933855057066592257347322952625317997",
"length": 1677.0
},
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78"
},
{
"target": {
"function": "setHeader",
"file": "services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java"
},
"id": "ASB-A-281665050-eeb818cb",
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "243658678464188710220306003597891618027",
"length": 498.0
},
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78"
],
"severity": "High",
"types": [
"ID"
],
"spl": "2025-02-01"
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"target": {
"file": "services/autofill/java/com/android/server/autofill/ui/FillUi.java"
},
"id": "ASB-A-281665050-4bba6ff2",
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"70384187207969473467724071990317729398",
"320418546227076084465594181217435078892",
"139034975296227356350451546793061696188",
"198840029242654939539433467117586934531",
"313245536086977364838236582966126120156",
"9821241575628344625617058172907797661",
"84864080468086762366722034388010268348",
"321713212781640076910098641929018121181",
"60835553322294116645322918846401089571",
"194254830192584495059033577937727898134",
"147075656553749944497531376143451541327",
"11224255276186999251427813799537284016",
"190000541700740439308365212289947348130"
]
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/73fa082a7202100da107ae14dd7742ecd86da053"
},
{
"target": {
"file": "services/autofill/java/com/android/server/autofill/Helper.java"
},
"id": "ASB-A-281665050-5897c9bc",
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"206563368113645024653705304061605275981",
"197882718764834178866649541080794831380",
"239233852245253813103569443623407063279",
"44698807005793972678540295405764893919",
"21183059188807409401714516310665780128",
"300048194628243201263727493046361281547",
"200644165688969314273219891189461360855",
"77496428704198062703578586753481553588",
"55169701512537227256118636456135333684",
"198388733492753553705907241123091591212",
"304920987658179113312826479999607115028",
"269055928370450172860520757506759510794",
"237757000885932752970060260599884987089",
"33379483823330199745001603645193499184"
]
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/73fa082a7202100da107ae14dd7742ecd86da053"
},
{
"target": {
"function": "FillUi",
"file": "services/autofill/java/com/android/server/autofill/ui/FillUi.java"
},
"id": "ASB-A-281665050-9791299f",
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "155518773178166328024443815934004657924",
"length": 6466.0
},
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/73fa082a7202100da107ae14dd7742ecd86da053"
},
{
"target": {
"function": "applyCustomDescription",
"file": "services/autofill/java/com/android/server/autofill/ui/SaveUi.java"
},
"id": "ASB-A-281665050-be69d6ef",
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "110995354895912650465302359732992851334",
"length": 3696.0
},
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/73fa082a7202100da107ae14dd7742ecd86da053"
},
{
"target": {
"file": "services/autofill/java/com/android/server/autofill/ui/SaveUi.java"
},
"id": "ASB-A-281665050-d4299c57",
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"148303161279659643660660451501034279234",
"125883638802437311423689325172088876430",
"68109407143103339498063405506151933519",
"141851605057521366089072764562061264673"
]
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/73fa082a7202100da107ae14dd7742ecd86da053"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/73fa082a7202100da107ae14dd7742ecd86da053"
],
"severity": "High",
"types": [
"ID"
],
"spl": "2025-02-01"
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"target": {
"file": "services/autofill/java/com/android/server/autofill/Helper.java"
},
"id": "ASB-A-281665050-4b9be62e",
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"206563368113645024653705304061605275981",
"197882718764834178866649541080794831380",
"239233852245253813103569443623407063279",
"44698807005793972678540295405764893919",
"21183059188807409401714516310665780128",
"300048194628243201263727493046361281547",
"200644165688969314273219891189461360855",
"77496428704198062703578586753481553588",
"55169701512537227256118636456135333684",
"198388733492753553705907241123091591212",
"304920987658179113312826479999607115028",
"269055928370450172860520757506759510794",
"237757000885932752970060260599884987089",
"33379483823330199745001603645193499184"
]
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/f7ca136c514dc975c3f46d95c53fd6b3752c577a"
},
{
"target": {
"function": "FillUi",
"file": "services/autofill/java/com/android/server/autofill/ui/FillUi.java"
},
"id": "ASB-A-281665050-69bfefd7",
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "155518773178166328024443815934004657924",
"length": 6466.0
},
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/f7ca136c514dc975c3f46d95c53fd6b3752c577a"
},
{
"target": {
"function": "applyCustomDescription",
"file": "services/autofill/java/com/android/server/autofill/ui/SaveUi.java"
},
"id": "ASB-A-281665050-c0f2a3a7",
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "110995354895912650465302359732992851334",
"length": 3696.0
},
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/f7ca136c514dc975c3f46d95c53fd6b3752c577a"
},
{
"target": {
"file": "services/autofill/java/com/android/server/autofill/ui/SaveUi.java"
},
"id": "ASB-A-281665050-d7552cd1",
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"148303161279659643660660451501034279234",
"125883638802437311423689325172088876430",
"68109407143103339498063405506151933519",
"141851605057521366089072764562061264673"
]
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/f7ca136c514dc975c3f46d95c53fd6b3752c577a"
},
{
"target": {
"file": "services/autofill/java/com/android/server/autofill/ui/FillUi.java"
},
"id": "ASB-A-281665050-f36bcf55",
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"70384187207969473467724071990317729398",
"320418546227076084465594181217435078892",
"139034975296227356350451546793061696188",
"198840029242654939539433467117586934531",
"313245536086977364838236582966126120156",
"9821241575628344625617058172907797661",
"84864080468086762366722034388010268348",
"321713212781640076910098641929018121181",
"60835553322294116645322918846401089571",
"194254830192584495059033577937727898134",
"147075656553749944497531376143451541327",
"11224255276186999251427813799537284016",
"190000541700740439308365212289947348130"
]
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/f7ca136c514dc975c3f46d95c53fd6b3752c577a"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/f7ca136c514dc975c3f46d95c53fd6b3752c577a"
],
"severity": "High",
"types": [
"ID"
],
"spl": "2025-02-01"
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"target": {
"function": "applyCustomDescription",
"file": "services/autofill/java/com/android/server/autofill/ui/SaveUi.java"
},
"id": "ASB-A-281665050-0d2943f4",
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "110995354895912650465302359732992851334",
"length": 3696.0
},
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0"
},
{
"target": {
"file": "services/autofill/java/com/android/server/autofill/ui/FillUi.java"
},
"id": "ASB-A-281665050-27c06beb",
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"70384187207969473467724071990317729398",
"320418546227076084465594181217435078892",
"139034975296227356350451546793061696188",
"198840029242654939539433467117586934531",
"313245536086977364838236582966126120156",
"9821241575628344625617058172907797661",
"84864080468086762366722034388010268348",
"321713212781640076910098641929018121181",
"60835553322294116645322918846401089571",
"194254830192584495059033577937727898134",
"147075656553749944497531376143451541327",
"11224255276186999251427813799537284016",
"190000541700740439308365212289947348130"
]
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0"
},
{
"target": {
"function": "createDatasetItems",
"file": "services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java"
},
"id": "ASB-A-281665050-2b9e0a47",
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "14933855057066592257347322952625317997",
"length": 1677.0
},
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0"
},
{
"target": {
"function": "initialAuthenticationLayout",
"file": "services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java"
},
"id": "ASB-A-281665050-8e58e6f9",
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "49532191195551615746744837755912801092",
"length": 754.0
},
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0"
},
{
"target": {
"function": "setHeader",
"file": "services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java"
},
"id": "ASB-A-281665050-979c9889",
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "243658678464188710220306003597891618027",
"length": 498.0
},
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0"
},
{
"target": {
"file": "services/autofill/java/com/android/server/autofill/Helper.java"
},
"id": "ASB-A-281665050-a1b813d7",
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"206563368113645024653705304061605275981",
"197882718764834178866649541080794831380",
"239233852245253813103569443623407063279",
"44698807005793972678540295405764893919",
"21183059188807409401714516310665780128",
"300048194628243201263727493046361281547",
"200644165688969314273219891189461360855",
"77496428704198062703578586753481553588",
"55169701512537227256118636456135333684",
"198388733492753553705907241123091591212",
"304920987658179113312826479999607115028",
"269055928370450172860520757506759510794",
"237757000885932752970060260599884987089",
"33379483823330199745001603645193499184"
]
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0"
},
{
"target": {
"function": "FillUi",
"file": "services/autofill/java/com/android/server/autofill/ui/FillUi.java"
},
"id": "ASB-A-281665050-acd70eb0",
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "155518773178166328024443815934004657924",
"length": 6466.0
},
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0"
},
{
"target": {
"file": "services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java"
},
"id": "ASB-A-281665050-b901e226",
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"152706124914265209826722211813105497440",
"122457438830031755697776489763091500155",
"9557648870503328618362177008065891024",
"21424190766785613237481844130356205668",
"318743049332437221904056720756700357292",
"19494396699293671953931356471127301788",
"125685506690105876920915180744054100445",
"193060436326013056668025233908441392097",
"45525861848201633409686579962243666914",
"247171390140834564838122080548466479325",
"11417974425339281741084590764620266974",
"63675271650473437443478445002199682738",
"337643276294840670681719171796552205364",
"120308007170846405930104003764350781053",
"110491743816707019839998419656968232453",
"290369119132319450297915760482112743456",
"318831208973307593363994768019606516553",
"118585930299939295491472408901765825976"
]
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0"
},
{
"target": {
"file": "services/autofill/java/com/android/server/autofill/ui/SaveUi.java"
},
"id": "ASB-A-281665050-d2b5895d",
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"148303161279659643660660451501034279234",
"125883638802437311423689325172088876430",
"68109407143103339498063405506151933519",
"141851605057521366089072764562061264673"
]
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0"
],
"severity": "High",
"types": [
"ID"
],
"spl": "2025-02-01"
}