ASB-A-299477569
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-299477569.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-299477569
- Aliases
-
- A-299477569
- CVE-2023-4863
- CVE-2023-5129
- GHSA-j7hp-h8jx-5ppr
- RUSTSEC-2023-0060
- RUSTSEC-2023-0061
- Published
- 2023-10-01T00:00:00Z
- Modified
- 2025-10-24T15:26:23.750784Z
- Summary
- [none]
- Details
-
In BuildHuffmanTable of huffman_utils.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android
platform/external/webp
Package
- Name
- platform/external/webp
platform/external/webp
Package
- Name
- platform/external/webp
Ecosystem specific
{
"types": [
"RCE"
],
"spl": "2023-10-06",
"severity": "Critical",
"vanir_signatures": [
{
"id": "ASB-A-299477569-295ffb70",
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 383.0,
"function_hash": "40283652307670872671032511637601685268"
},
"target": {
"function": "AddVectorEq_MIPS32",
"file": "src/dsp/lossless_enc_mips32.c"
},
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/external/webp/+/c3f928a1d30e48a400ed434130da3609cbfd54ad"
},
{
"id": "ASB-A-299477569-2e1ab3fe",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"169966916558279050832634754478767979358",
"180907884678556500447203331176641645287",
"310342967974809096205114478644627727929",
"334848601353197483697852558353492665653",
"300736591130123852438682251291966974204",
"237261322598863367883289176924019578805",
"173758189122598620758716116138111418151",
"263934962910731844153152303590346456382",
"155462523537241221126673684312876309888",
"261502972542537607349532067319638809092",
"43401009356672717769311425039640535981",
"334848601353197483697852558353492665653",
"10247792090647171846005791325548463943",
"79358224156328144706227308442556528882",
"173758189122598620758716116138111418151",
"253770182644889392424020162380205034015"
],
"threshold": 0.9
},
"target": {
"file": "src/dsp/alpha_processing_neon.c"
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/external/webp/+/c3f928a1d30e48a400ed434130da3609cbfd54ad"
},
{
"id": "ASB-A-299477569-307abb21",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"163724193854473346907507630364280388172",
"264836444328454150992554213101345384708",
"181922589043580502142152691080011101756",
"339343357310263727389496164475949212675",
"26581816914442771711331283190392493524",
"37187177066790183420743799174911313588",
"63039321163627893212629515239808205979"
],
"threshold": 0.9
},
"target": {
"file": "src/enc/vp8l_enc.c"
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/external/webp/+/c3f928a1d30e48a400ed434130da3609cbfd54ad"
},
{
"id": "ASB-A-299477569-44384282",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"271948026291282679915020711765944277644",
"262252171417285278396190219750969423297",
"148769860740082019780466540147402480452",
"210145805502744439188840045708050512589",
"35045463450424597200053605992676636204",
"64766116049401205963382856096159133016",
"199857997552244871809490827006375407869",
"19508379791752261999511906430439999976",
"228171279559466439552632197667773266539",
"151576406092307753477191614656856352818",
"253045320118918568491627921939403555705",
"130445939594778113211731509372766920561",
"12580394397663910147154862229568281599",
"80519199707879550880393747682138685712",
"316703996335626729356480421668443359420",
"112588836660070022639592100708547253158",
"80951286132688567743133278832665098378",
"269574673249262310077259878437192371215",
"252443284945298872410908993903016361511",
"159257432654087281696134800911303867693",
"291750083337732318662709987572573616830",
"169088151181716300303842140093765755918",
"73550526054077245811164979480865709647",
"162854924244706812826736065911880033121",
"291243115522035543821384978063358782303",
"178642488364606593579676655197420657813",
"298358522057652572101438670807195076303",
"148852009278892113461914803942839280211",
"247530072585474083441594850150604125475",
"279560637154054723920761559897853486777",
"202655542227860580080550069313697685541",
"186980819649801847432774385003660928968",
"97828808855738792730905062881408925566",
"102081775963876061736136113440319348704",
"5999260320962753238441206982156248892",
"225298851476652200041146005344964915850",
"25926333490899675358408004217915439110",
"121271864338623016227831636388829667369",
"3261922525234354196880407410666053244",
"93490408030208102553449128636581277522",
"56169827678954796002461554515733955394",
"146434498251422795792724255787630145257",
"180061472657521040892563784991030675291",
"28456919384561916568486403753570021157",
"141591542593831588193439876159158717749",
"143026966034998223926469464146658131125",
"214863518128816089569328548838396476266",
"181159102842818032171371684569701144472",
"100549082727312540877472668665834378775",
"43581069938430831587912090271434024516",
"73651109845734901883398747017515852367",
"115445385881407562798806355037454872759",
"110463014747451642918800005342832693488",
"254069557418689661914117668276367867146",
"328830259662328988457898205652053121965",
"238858969565005325952513859319399381516",
"111234782651036060340979675411769789231",
"172081266457316932040744692285306655916",
"248566039298899952992969157639115673789",
"119985745181292829676238729059280428135",
"167694533597920009083942283657848514212",
"264725772127853413985386923114761986085",
"319322622918909763052091702521534025749",
"298957801119027805276587464952973149993",
"62837709564002461020449103231436455248",
"313049931741831224027067891725458321568",
"234345581826703249538457366286627621387",
"200300177457112355832449360393082008763",
"48551747108970203382132381719056013424",
"274300588330689046282791831363004929420",
"309105406738991267509915155779836680981",
"310052527010005599966394898527644151396"
],
"threshold": 0.9
},
"target": {
"file": "src/dec/vp8l_dec.c"
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/external/webp/+/c3f928a1d30e48a400ed434130da3609cbfd54ad"
},
{
"id": "ASB-A-299477569-4edf37eb",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"20134740730605791402509200455302630941",
"136648906070994206943738037015888819806",
"232356828012318700083917498119399758794",
"37020882375958065571817200082347569363"
],
"threshold": 0.9
},
"target": {
"file": "src/dec/vp8li_dec.h"
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/external/webp/+/c3f928a1d30e48a400ed434130da3609cbfd54ad"
},
{
"id": "ASB-A-299477569-510f340b",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"97864061784715826441887866112378347584",
"39515576668064130961191125490569008709",
"15945440527326475598758400760545647269",
"179905868972741389206246603230558700074",
"269002166573005066182395532399705225080",
"338797654904827777915006341201793438154",
"26243335173024739658472585475060558978",
"296788324226089332424342777701034399900",
"325935409316114345698959684627202414721",
"14602179211321051470616776437453227421",
"80930707920142309702112656163292811131",
"75984984191255074792532700352187079254",
"15945440527326475598758400760545647269",
"179905868972741389206246603230558700074",
"178376739799592228038032850001863292370",
"20025690582520085788588656537972912237",
"324790268367688164508600624494191013251",
"99164137796852951371330616679109629299",
"60027550136380738499539137436091815299",
"52861869952683498687220473597854559444"
],
"threshold": 0.9
},
"target": {
"file": "src/dsp/lossless_enc_mips32.c"
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/external/webp/+/c3f928a1d30e48a400ed434130da3609cbfd54ad"
},
{
"id": "ASB-A-299477569-51244d24",
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 420.0,
"function_hash": "217698354615572624902466573869813048939"
},
"target": {
"function": "AddVector_MIPS32",
"file": "src/dsp/lossless_enc_mips32.c"
},
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/external/webp/+/c3f928a1d30e48a400ed434130da3609cbfd54ad"
},
{
"deprecated": false,
"source": "https://android.googlesource.com/platform/external/webp/+/c3f928a1d30e48a400ed434130da3609cbfd54ad",
"id": "ASB-A-299477569-65157042",
"signature_version": "v1",
"digest": {
"line_hashes": [
"339552759243512806894138470577406385901",
"247643164679832697523449823163964756236",
"198447676287631005837611924638791878951",
"63337458664775815006511263243325825326",
"186290915315074525055935852177459870025",
"238710308987062706236372889688722698277",
"93302240339192796449018411149350622639",
"57286932989762470603908217520582368390",
"90534818050649470475091160140786371014",
"285592475756554386779110005368072582494"
],
"threshold": 0.9
},
"target": {
"file": "src/enc/alpha_enc.c"
},
"signature_type": "Line",
"match_only_versions": [
"11"
]
},
{
"id": "ASB-A-299477569-67cfced1",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"210680425751445647392974712312166516434",
"31176131428327197556084923347153299803",
"91413042216609002235528185241791249822",
"273450130334326004710231764491864605384",
"97403937494087092732307438335378299067",
"183915759203804892541396210553818051906",
"218815111059650688860257620488376646006"
],
"threshold": 0.9
},
"target": {
"file": "src/utils/huffman_utils.h"
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/external/webp/+/c3f928a1d30e48a400ed434130da3609cbfd54ad"
},
{
"id": "ASB-A-299477569-6e0014e0",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"156779803209175547355376252751319586572",
"62588057392501956841152792403457014429",
"214993459198804963129871786453662809388",
"21093686221887462362639238965826476168"
],
"threshold": 0.9
},
"target": {
"file": "src/enc/backward_references_cost_enc.c"
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/external/webp/+/c3f928a1d30e48a400ed434130da3609cbfd54ad"
},
{
"id": "ASB-A-299477569-cab21e82",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"75158598674934381536352618132523980337",
"339790838941348462227546079624200580193",
"291226772912964236758817544806665866337",
"180434222966209005790651315929754024913",
"302960546791657996990312426492216910519",
"315513358708356716766983211530470424146",
"196508410340831527136915823740764318875",
"2829442824193413228703251675162035141",
"234537217682198795556173390134157933107",
"6747455493086593463967291821366712541"
],
"threshold": 0.9
},
"target": {
"file": "src/enc/backward_references_enc.c"
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/external/webp/+/c3f928a1d30e48a400ed434130da3609cbfd54ad"
},
{
"id": "ASB-A-299477569-e3628472",
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 779.0,
"function_hash": "334248941716855323943701770985780040251"
},
"target": {
"function": "DispatchAlpha_NEON",
"file": "src/dsp/alpha_processing_neon.c"
},
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/external/webp/+/c3f928a1d30e48a400ed434130da3609cbfd54ad"
},
{
"id": "ASB-A-299477569-e71b49aa",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"204781606502151800260619611752625644818",
"185106167987738524761390329650955829619",
"305816608561040735805928812483133554564",
"59392845666000361311742466361202540751",
"163544756746094738569689619927773583208",
"64351449055211388586989071028165712970",
"18629077194446828728726317177332368712",
"223007749125293494574594639015320091978",
"236680345559470387610260309003459465438",
"226067468273456595296407121508288106200",
"321923281581885145865730435223215193746",
"231666192913856095838086834941208983265",
"181054860789483302711806005905772321308",
"79258257990473166470619511931141812522",
"200328652613175569443260201006420835059",
"6676361250043582523572721889987948436",
"200076656036652498604570028039742429935",
"189120569564892762059446620707941915190",
"323711977447033501678429042127603698316",
"269845760469900685143393871538905460386",
"4720203203833394296686175345248656821",
"56107595494770414169033152965635542500",
"220250410205055553327705516994151907780",
"139029986952383583081732583543121227225",
"225906645224314157815939602383793184376",
"155588090218342557940253942580447666642",
"309051081962351778948184717950795815509",
"245539949468760808910768168636209190145",
"244292944973542475936500071963500771088",
"94475619690918640400365047181728977924",
"195366773349676590075927548152953695014",
"279482347794562642676571009996899462113",
"48927683219126065761174863204405289860",
"214789503505984548988643500713495921103",
"25920949994098500062101683129657787955",
"40948343052415876263205953168564566778",
"32377182047332644615623785857061877577",
"213828181346851087381515831448269560908",
"261689318391222986394302351952710236908"
],
"threshold": 0.9
},
"target": {
"file": "src/utils/huffman_utils.c"
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/external/webp/+/c3f928a1d30e48a400ed434130da3609cbfd54ad"
},
{
"id": "ASB-A-299477569-efc7eaad",
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 734.0,
"function_hash": "35762848052940665053966434408620727368"
},
"target": {
"function": "ExtractAlpha_NEON",
"file": "src/dsp/alpha_processing_neon.c"
},
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/external/webp/+/c3f928a1d30e48a400ed434130da3609cbfd54ad"
}
],
"fixes": [
"https://android.googlesource.com/platform/external/webp/+/c3f928a1d30e48a400ed434130da3609cbfd54ad"
]
}platform/external/webp
Package
- Name
- platform/external/webp
Ecosystem specific
{
"types": [
"RCE"
],
"spl": "2023-10-06",
"severity": "Critical",
"vanir_signatures": [
{
"id": "ASB-A-299477569-0fc7a49e",
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 734.0,
"function_hash": "35762848052940665053966434408620727368"
},
"target": {
"function": "ExtractAlpha_NEON",
"file": "src/dsp/alpha_processing_neon.c"
},
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/external/webp/+/210681f7f5d24c73fc55e7147e870c1351c31400"
},
{
"id": "ASB-A-299477569-20622113",
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 420.0,
"function_hash": "217698354615572624902466573869813048939"
},
"target": {
"function": "AddVector_MIPS32",
"file": "src/dsp/lossless_enc_mips32.c"
},
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/external/webp/+/210681f7f5d24c73fc55e7147e870c1351c31400"
},
{
"id": "ASB-A-299477569-53595a4a",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"271948026291282679915020711765944277644",
"262252171417285278396190219750969423297",
"148769860740082019780466540147402480452",
"210145805502744439188840045708050512589",
"35045463450424597200053605992676636204",
"64766116049401205963382856096159133016",
"199857997552244871809490827006375407869",
"19508379791752261999511906430439999976",
"228171279559466439552632197667773266539",
"151576406092307753477191614656856352818",
"253045320118918568491627921939403555705",
"130445939594778113211731509372766920561",
"12580394397663910147154862229568281599",
"80519199707879550880393747682138685712",
"316703996335626729356480421668443359420",
"112588836660070022639592100708547253158",
"80951286132688567743133278832665098378",
"269574673249262310077259878437192371215",
"252443284945298872410908993903016361511",
"159257432654087281696134800911303867693",
"291750083337732318662709987572573616830",
"169088151181716300303842140093765755918",
"73550526054077245811164979480865709647",
"162854924244706812826736065911880033121",
"291243115522035543821384978063358782303",
"178642488364606593579676655197420657813",
"298358522057652572101438670807195076303",
"148852009278892113461914803942839280211",
"247530072585474083441594850150604125475",
"279560637154054723920761559897853486777",
"202655542227860580080550069313697685541",
"186980819649801847432774385003660928968",
"97828808855738792730905062881408925566",
"102081775963876061736136113440319348704",
"5999260320962753238441206982156248892",
"225298851476652200041146005344964915850",
"25926333490899675358408004217915439110",
"121271864338623016227831636388829667369",
"3261922525234354196880407410666053244",
"93490408030208102553449128636581277522",
"56169827678954796002461554515733955394",
"146434498251422795792724255787630145257",
"180061472657521040892563784991030675291",
"28456919384561916568486403753570021157",
"141591542593831588193439876159158717749",
"143026966034998223926469464146658131125",
"214863518128816089569328548838396476266",
"181159102842818032171371684569701144472",
"100549082727312540877472668665834378775",
"43581069938430831587912090271434024516",
"73651109845734901883398747017515852367",
"115445385881407562798806355037454872759",
"110463014747451642918800005342832693488",
"254069557418689661914117668276367867146",
"328830259662328988457898205652053121965",
"238858969565005325952513859319399381516",
"111234782651036060340979675411769789231",
"172081266457316932040744692285306655916",
"248566039298899952992969157639115673789",
"119985745181292829676238729059280428135",
"167694533597920009083942283657848514212",
"264725772127853413985386923114761986085",
"319322622918909763052091702521534025749",
"298957801119027805276587464952973149993",
"62837709564002461020449103231436455248",
"313049931741831224027067891725458321568",
"234345581826703249538457366286627621387",
"200300177457112355832449360393082008763",
"48551747108970203382132381719056013424",
"274300588330689046282791831363004929420",
"309105406738991267509915155779836680981",
"310052527010005599966394898527644151396"
],
"threshold": 0.9
},
"target": {
"file": "src/dec/vp8l_dec.c"
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/external/webp/+/210681f7f5d24c73fc55e7147e870c1351c31400"
},
{
"id": "ASB-A-299477569-59b5e5f8",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"184486535917274742375898790643177119646",
"95943885037397063337940653147569264485",
"146688000439189956178651262036462588655",
"243607272802491301793742426076863189211",
"246746075629491566327545920987074559731",
"178756029364742335058528640391643198977",
"14108895270355577587630539579921912368",
"18555198820484845415187166745114669311",
"41825228309901354481510949560991977209",
"263292522007487414406624721281842919585",
"65570058192166487007999504789911108748",
"273331903373229057885063505443783167798"
],
"threshold": 0.9
},
"target": {
"file": "src/enc/backward_references_enc.c"
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/external/webp/+/210681f7f5d24c73fc55e7147e870c1351c31400"
},
{
"id": "ASB-A-299477569-635315ea",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"204781606502151800260619611752625644818",
"185106167987738524761390329650955829619",
"305816608561040735805928812483133554564",
"59392845666000361311742466361202540751",
"163544756746094738569689619927773583208",
"64351449055211388586989071028165712970",
"18629077194446828728726317177332368712",
"223007749125293494574594639015320091978",
"236680345559470387610260309003459465438",
"226067468273456595296407121508288106200",
"321923281581885145865730435223215193746",
"231666192913856095838086834941208983265",
"181054860789483302711806005905772321308",
"79258257990473166470619511931141812522",
"200328652613175569443260201006420835059",
"6676361250043582523572721889987948436",
"200076656036652498604570028039742429935",
"189120569564892762059446620707941915190",
"323711977447033501678429042127603698316",
"269845760469900685143393871538905460386",
"4720203203833394296686175345248656821",
"56107595494770414169033152965635542500",
"220250410205055553327705516994151907780",
"139029986952383583081732583543121227225",
"225906645224314157815939602383793184376",
"155588090218342557940253942580447666642",
"309051081962351778948184717950795815509",
"245539949468760808910768168636209190145",
"244292944973542475936500071963500771088",
"94475619690918640400365047181728977924",
"195366773349676590075927548152953695014",
"279482347794562642676571009996899462113",
"48927683219126065761174863204405289860",
"214789503505984548988643500713495921103",
"25920949994098500062101683129657787955",
"40948343052415876263205953168564566778",
"32377182047332644615623785857061877577",
"213828181346851087381515831448269560908",
"261689318391222986394302351952710236908"
],
"threshold": 0.9
},
"target": {
"file": "src/utils/huffman_utils.c"
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/external/webp/+/210681f7f5d24c73fc55e7147e870c1351c31400"
},
{
"id": "ASB-A-299477569-713b6121",
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 779.0,
"function_hash": "334248941716855323943701770985780040251"
},
"target": {
"function": "DispatchAlpha_NEON",
"file": "src/dsp/alpha_processing_neon.c"
},
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/external/webp/+/210681f7f5d24c73fc55e7147e870c1351c31400"
},
{
"id": "ASB-A-299477569-77962a4d",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"169966916558279050832634754478767979358",
"180907884678556500447203331176641645287",
"310342967974809096205114478644627727929",
"334848601353197483697852558353492665653",
"300736591130123852438682251291966974204",
"237261322598863367883289176924019578805",
"173758189122598620758716116138111418151",
"263934962910731844153152303590346456382",
"155462523537241221126673684312876309888",
"261502972542537607349532067319638809092",
"43401009356672717769311425039640535981",
"334848601353197483697852558353492665653",
"10247792090647171846005791325548463943",
"79358224156328144706227308442556528882",
"173758189122598620758716116138111418151",
"253770182644889392424020162380205034015"
],
"threshold": 0.9
},
"target": {
"file": "src/dsp/alpha_processing_neon.c"
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/external/webp/+/210681f7f5d24c73fc55e7147e870c1351c31400"
},
{
"id": "ASB-A-299477569-b11ae962",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"156779803209175547355376252751319586572",
"62588057392501956841152792403457014429",
"214993459198804963129871786453662809388",
"21093686221887462362639238965826476168"
],
"threshold": 0.9
},
"target": {
"file": "src/enc/backward_references_cost_enc.c"
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/external/webp/+/210681f7f5d24c73fc55e7147e870c1351c31400"
},
{
"id": "ASB-A-299477569-b5716161",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"20134740730605791402509200455302630941",
"136648906070994206943738037015888819806",
"232356828012318700083917498119399758794",
"37020882375958065571817200082347569363"
],
"threshold": 0.9
},
"target": {
"file": "src/dec/vp8li_dec.h"
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/external/webp/+/210681f7f5d24c73fc55e7147e870c1351c31400"
},
{
"id": "ASB-A-299477569-d642fbb5",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"163724193854473346907507630364280388172",
"264836444328454150992554213101345384708",
"181922589043580502142152691080011101756",
"339343357310263727389496164475949212675",
"26581816914442771711331283190392493524",
"37187177066790183420743799174911313588",
"63039321163627893212629515239808205979"
],
"threshold": 0.9
},
"target": {
"file": "src/enc/vp8l_enc.c"
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/external/webp/+/210681f7f5d24c73fc55e7147e870c1351c31400"
},
{
"id": "ASB-A-299477569-e2004d23",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"97864061784715826441887866112378347584",
"39515576668064130961191125490569008709",
"15945440527326475598758400760545647269",
"179905868972741389206246603230558700074",
"269002166573005066182395532399705225080",
"338797654904827777915006341201793438154",
"26243335173024739658472585475060558978",
"296788324226089332424342777701034399900",
"325935409316114345698959684627202414721",
"14602179211321051470616776437453227421",
"80930707920142309702112656163292811131",
"75984984191255074792532700352187079254",
"15945440527326475598758400760545647269",
"179905868972741389206246603230558700074",
"178376739799592228038032850001863292370",
"20025690582520085788588656537972912237",
"324790268367688164508600624494191013251",
"99164137796852951371330616679109629299",
"60027550136380738499539137436091815299",
"52861869952683498687220473597854559444"
],
"threshold": 0.9
},
"target": {
"file": "src/dsp/lossless_enc_mips32.c"
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/external/webp/+/210681f7f5d24c73fc55e7147e870c1351c31400"
},
{
"id": "ASB-A-299477569-f4d65240",
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 383.0,
"function_hash": "40283652307670872671032511637601685268"
},
"target": {
"function": "AddVectorEq_MIPS32",
"file": "src/dsp/lossless_enc_mips32.c"
},
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/external/webp/+/210681f7f5d24c73fc55e7147e870c1351c31400"
},
{
"id": "ASB-A-299477569-f9779cc9",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"210680425751445647392974712312166516434",
"31176131428327197556084923347153299803",
"91413042216609002235528185241791249822",
"273450130334326004710231764491864605384",
"97403937494087092732307438335378299067",
"183915759203804892541396210553818051906",
"218815111059650688860257620488376646006"
],
"threshold": 0.9
},
"target": {
"file": "src/utils/huffman_utils.h"
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/external/webp/+/210681f7f5d24c73fc55e7147e870c1351c31400"
}
],
"fixes": [
"https://android.googlesource.com/platform/external/webp/+/210681f7f5d24c73fc55e7147e870c1351c31400"
]
}platform/external/webp
Package
- Name
- platform/external/webp
Ecosystem specific
{
"types": [
"RCE"
],
"spl": "2023-10-06",
"severity": "Critical",
"vanir_signatures": [
{
"id": "ASB-A-299477569-3cd8efc9",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"20134740730605791402509200455302630941",
"136648906070994206943738037015888819806",
"232356828012318700083917498119399758794",
"37020882375958065571817200082347569363"
],
"threshold": 0.9
},
"target": {
"file": "src/dec/vp8li_dec.h"
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/external/webp/+/210681f7f5d24c73fc55e7147e870c1351c31400"
},
{
"id": "ASB-A-299477569-4136e971",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"163724193854473346907507630364280388172",
"264836444328454150992554213101345384708",
"181922589043580502142152691080011101756",
"339343357310263727389496164475949212675",
"26581816914442771711331283190392493524",
"37187177066790183420743799174911313588",
"63039321163627893212629515239808205979"
],
"threshold": 0.9
},
"target": {
"file": "src/enc/vp8l_enc.c"
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/external/webp/+/210681f7f5d24c73fc55e7147e870c1351c31400"
},
{
"id": "ASB-A-299477569-4fe31899",
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 779.0,
"function_hash": "334248941716855323943701770985780040251"
},
"target": {
"function": "DispatchAlpha_NEON",
"file": "src/dsp/alpha_processing_neon.c"
},
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/external/webp/+/210681f7f5d24c73fc55e7147e870c1351c31400"
},
{
"id": "ASB-A-299477569-5b7c360a",
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 734.0,
"function_hash": "35762848052940665053966434408620727368"
},
"target": {
"function": "ExtractAlpha_NEON",
"file": "src/dsp/alpha_processing_neon.c"
},
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/external/webp/+/210681f7f5d24c73fc55e7147e870c1351c31400"
},
{
"id": "ASB-A-299477569-6260a0c5",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"184486535917274742375898790643177119646",
"95943885037397063337940653147569264485",
"146688000439189956178651262036462588655",
"243607272802491301793742426076863189211",
"246746075629491566327545920987074559731",
"178756029364742335058528640391643198977",
"14108895270355577587630539579921912368",
"18555198820484845415187166745114669311",
"41825228309901354481510949560991977209",
"263292522007487414406624721281842919585",
"65570058192166487007999504789911108748",
"273331903373229057885063505443783167798"
],
"threshold": 0.9
},
"target": {
"file": "src/enc/backward_references_enc.c"
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/external/webp/+/210681f7f5d24c73fc55e7147e870c1351c31400"
},
{
"id": "ASB-A-299477569-67c5fe9e",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"204781606502151800260619611752625644818",
"185106167987738524761390329650955829619",
"305816608561040735805928812483133554564",
"59392845666000361311742466361202540751",
"163544756746094738569689619927773583208",
"64351449055211388586989071028165712970",
"18629077194446828728726317177332368712",
"223007749125293494574594639015320091978",
"236680345559470387610260309003459465438",
"226067468273456595296407121508288106200",
"321923281581885145865730435223215193746",
"231666192913856095838086834941208983265",
"181054860789483302711806005905772321308",
"79258257990473166470619511931141812522",
"200328652613175569443260201006420835059",
"6676361250043582523572721889987948436",
"200076656036652498604570028039742429935",
"189120569564892762059446620707941915190",
"323711977447033501678429042127603698316",
"269845760469900685143393871538905460386",
"4720203203833394296686175345248656821",
"56107595494770414169033152965635542500",
"220250410205055553327705516994151907780",
"139029986952383583081732583543121227225",
"225906645224314157815939602383793184376",
"155588090218342557940253942580447666642",
"309051081962351778948184717950795815509",
"245539949468760808910768168636209190145",
"244292944973542475936500071963500771088",
"94475619690918640400365047181728977924",
"195366773349676590075927548152953695014",
"279482347794562642676571009996899462113",
"48927683219126065761174863204405289860",
"214789503505984548988643500713495921103",
"25920949994098500062101683129657787955",
"40948343052415876263205953168564566778",
"32377182047332644615623785857061877577",
"213828181346851087381515831448269560908",
"261689318391222986394302351952710236908"
],
"threshold": 0.9
},
"target": {
"file": "src/utils/huffman_utils.c"
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/external/webp/+/210681f7f5d24c73fc55e7147e870c1351c31400"
},
{
"id": "ASB-A-299477569-81b57f55",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"271948026291282679915020711765944277644",
"262252171417285278396190219750969423297",
"148769860740082019780466540147402480452",
"210145805502744439188840045708050512589",
"35045463450424597200053605992676636204",
"64766116049401205963382856096159133016",
"199857997552244871809490827006375407869",
"19508379791752261999511906430439999976",
"228171279559466439552632197667773266539",
"151576406092307753477191614656856352818",
"253045320118918568491627921939403555705",
"130445939594778113211731509372766920561",
"12580394397663910147154862229568281599",
"80519199707879550880393747682138685712",
"316703996335626729356480421668443359420",
"112588836660070022639592100708547253158",
"80951286132688567743133278832665098378",
"269574673249262310077259878437192371215",
"252443284945298872410908993903016361511",
"159257432654087281696134800911303867693",
"291750083337732318662709987572573616830",
"169088151181716300303842140093765755918",
"73550526054077245811164979480865709647",
"162854924244706812826736065911880033121",
"291243115522035543821384978063358782303",
"178642488364606593579676655197420657813",
"298358522057652572101438670807195076303",
"148852009278892113461914803942839280211",
"247530072585474083441594850150604125475",
"279560637154054723920761559897853486777",
"202655542227860580080550069313697685541",
"186980819649801847432774385003660928968",
"97828808855738792730905062881408925566",
"102081775963876061736136113440319348704",
"5999260320962753238441206982156248892",
"225298851476652200041146005344964915850",
"25926333490899675358408004217915439110",
"121271864338623016227831636388829667369",
"3261922525234354196880407410666053244",
"93490408030208102553449128636581277522",
"56169827678954796002461554515733955394",
"146434498251422795792724255787630145257",
"180061472657521040892563784991030675291",
"28456919384561916568486403753570021157",
"141591542593831588193439876159158717749",
"143026966034998223926469464146658131125",
"214863518128816089569328548838396476266",
"181159102842818032171371684569701144472",
"100549082727312540877472668665834378775",
"43581069938430831587912090271434024516",
"73651109845734901883398747017515852367",
"115445385881407562798806355037454872759",
"110463014747451642918800005342832693488",
"254069557418689661914117668276367867146",
"328830259662328988457898205652053121965",
"238858969565005325952513859319399381516",
"111234782651036060340979675411769789231",
"172081266457316932040744692285306655916",
"248566039298899952992969157639115673789",
"119985745181292829676238729059280428135",
"167694533597920009083942283657848514212",
"264725772127853413985386923114761986085",
"319322622918909763052091702521534025749",
"298957801119027805276587464952973149993",
"62837709564002461020449103231436455248",
"313049931741831224027067891725458321568",
"234345581826703249538457366286627621387",
"200300177457112355832449360393082008763",
"48551747108970203382132381719056013424",
"274300588330689046282791831363004929420",
"309105406738991267509915155779836680981",
"310052527010005599966394898527644151396"
],
"threshold": 0.9
},
"target": {
"file": "src/dec/vp8l_dec.c"
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/external/webp/+/210681f7f5d24c73fc55e7147e870c1351c31400"
},
{
"id": "ASB-A-299477569-86699398",
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 383.0,
"function_hash": "40283652307670872671032511637601685268"
},
"target": {
"function": "AddVectorEq_MIPS32",
"file": "src/dsp/lossless_enc_mips32.c"
},
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/external/webp/+/210681f7f5d24c73fc55e7147e870c1351c31400"
},
{
"id": "ASB-A-299477569-94dbcbbc",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"210680425751445647392974712312166516434",
"31176131428327197556084923347153299803",
"91413042216609002235528185241791249822",
"273450130334326004710231764491864605384",
"97403937494087092732307438335378299067",
"183915759203804892541396210553818051906",
"218815111059650688860257620488376646006"
],
"threshold": 0.9
},
"target": {
"file": "src/utils/huffman_utils.h"
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/external/webp/+/210681f7f5d24c73fc55e7147e870c1351c31400"
},
{
"id": "ASB-A-299477569-9d916320",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"97864061784715826441887866112378347584",
"39515576668064130961191125490569008709",
"15945440527326475598758400760545647269",
"179905868972741389206246603230558700074",
"269002166573005066182395532399705225080",
"338797654904827777915006341201793438154",
"26243335173024739658472585475060558978",
"296788324226089332424342777701034399900",
"325935409316114345698959684627202414721",
"14602179211321051470616776437453227421",
"80930707920142309702112656163292811131",
"75984984191255074792532700352187079254",
"15945440527326475598758400760545647269",
"179905868972741389206246603230558700074",
"178376739799592228038032850001863292370",
"20025690582520085788588656537972912237",
"324790268367688164508600624494191013251",
"99164137796852951371330616679109629299",
"60027550136380738499539137436091815299",
"52861869952683498687220473597854559444"
],
"threshold": 0.9
},
"target": {
"file": "src/dsp/lossless_enc_mips32.c"
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/external/webp/+/210681f7f5d24c73fc55e7147e870c1351c31400"
},
{
"id": "ASB-A-299477569-b024640c",
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 420.0,
"function_hash": "217698354615572624902466573869813048939"
},
"target": {
"function": "AddVector_MIPS32",
"file": "src/dsp/lossless_enc_mips32.c"
},
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/external/webp/+/210681f7f5d24c73fc55e7147e870c1351c31400"
},
{
"id": "ASB-A-299477569-c5576bc1",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"156779803209175547355376252751319586572",
"62588057392501956841152792403457014429",
"214993459198804963129871786453662809388",
"21093686221887462362639238965826476168"
],
"threshold": 0.9
},
"target": {
"file": "src/enc/backward_references_cost_enc.c"
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/external/webp/+/210681f7f5d24c73fc55e7147e870c1351c31400"
},
{
"id": "ASB-A-299477569-d7c1ecbf",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"169966916558279050832634754478767979358",
"180907884678556500447203331176641645287",
"310342967974809096205114478644627727929",
"334848601353197483697852558353492665653",
"300736591130123852438682251291966974204",
"237261322598863367883289176924019578805",
"173758189122598620758716116138111418151",
"263934962910731844153152303590346456382",
"155462523537241221126673684312876309888",
"261502972542537607349532067319638809092",
"43401009356672717769311425039640535981",
"334848601353197483697852558353492665653",
"10247792090647171846005791325548463943",
"79358224156328144706227308442556528882",
"173758189122598620758716116138111418151",
"253770182644889392424020162380205034015"
],
"threshold": 0.9
},
"target": {
"file": "src/dsp/alpha_processing_neon.c"
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/external/webp/+/210681f7f5d24c73fc55e7147e870c1351c31400"
}
],
"fixes": [
"https://android.googlesource.com/platform/external/webp/+/210681f7f5d24c73fc55e7147e870c1351c31400"
]
}platform/external/webp
Package
- Name
- platform/external/webp
Ecosystem specific
{
"types": [
"RCE"
],
"spl": "2023-10-06",
"severity": "Critical",
"vanir_signatures": [
{
"id": "ASB-A-299477569-2e4597b2",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"20134740730605791402509200455302630941",
"136648906070994206943738037015888819806",
"232356828012318700083917498119399758794",
"37020882375958065571817200082347569363"
],
"threshold": 0.9
},
"target": {
"file": "src/dec/vp8li_dec.h"
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/external/webp/+/3acf2aa5c074d5659c386c4462059b78489030e0"
},
{
"id": "ASB-A-299477569-411f9725",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"210680425751445647392974712312166516434",
"31176131428327197556084923347153299803",
"91413042216609002235528185241791249822",
"273450130334326004710231764491864605384",
"97403937494087092732307438335378299067",
"183915759203804892541396210553818051906",
"218815111059650688860257620488376646006"
],
"threshold": 0.9
},
"target": {
"file": "src/utils/huffman_utils.h"
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/external/webp/+/3acf2aa5c074d5659c386c4462059b78489030e0"
},
{
"id": "ASB-A-299477569-6772e109",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"204781606502151800260619611752625644818",
"185106167987738524761390329650955829619",
"305816608561040735805928812483133554564",
"59392845666000361311742466361202540751",
"163544756746094738569689619927773583208",
"64351449055211388586989071028165712970",
"18629077194446828728726317177332368712",
"223007749125293494574594639015320091978",
"236680345559470387610260309003459465438",
"226067468273456595296407121508288106200",
"321923281581885145865730435223215193746",
"231666192913856095838086834941208983265",
"181054860789483302711806005905772321308",
"79258257990473166470619511931141812522",
"200328652613175569443260201006420835059",
"6676361250043582523572721889987948436",
"200076656036652498604570028039742429935",
"189120569564892762059446620707941915190",
"323711977447033501678429042127603698316",
"269845760469900685143393871538905460386",
"4720203203833394296686175345248656821",
"56107595494770414169033152965635542500",
"220250410205055553327705516994151907780",
"139029986952383583081732583543121227225",
"225906645224314157815939602383793184376",
"155588090218342557940253942580447666642",
"309051081962351778948184717950795815509",
"245539949468760808910768168636209190145",
"244292944973542475936500071963500771088",
"94475619690918640400365047181728977924",
"195366773349676590075927548152953695014",
"279482347794562642676571009996899462113",
"48927683219126065761174863204405289860",
"214789503505984548988643500713495921103",
"25920949994098500062101683129657787955",
"40948343052415876263205953168564566778",
"32377182047332644615623785857061877577",
"213828181346851087381515831448269560908",
"261689318391222986394302351952710236908"
],
"threshold": 0.9
},
"target": {
"file": "src/utils/huffman_utils.c"
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/external/webp/+/3acf2aa5c074d5659c386c4462059b78489030e0"
},
{
"id": "ASB-A-299477569-c6f85feb",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"271948026291282679915020711765944277644",
"262252171417285278396190219750969423297",
"148769860740082019780466540147402480452",
"210145805502744439188840045708050512589",
"35045463450424597200053605992676636204",
"64766116049401205963382856096159133016",
"199857997552244871809490827006375407869",
"19508379791752261999511906430439999976",
"228171279559466439552632197667773266539",
"151576406092307753477191614656856352818",
"253045320118918568491627921939403555705",
"130445939594778113211731509372766920561",
"12580394397663910147154862229568281599",
"80519199707879550880393747682138685712",
"316703996335626729356480421668443359420",
"112588836660070022639592100708547253158",
"80951286132688567743133278832665098378",
"269574673249262310077259878437192371215",
"252443284945298872410908993903016361511",
"159257432654087281696134800911303867693",
"291750083337732318662709987572573616830",
"169088151181716300303842140093765755918",
"73550526054077245811164979480865709647",
"162854924244706812826736065911880033121",
"291243115522035543821384978063358782303",
"178642488364606593579676655197420657813",
"298358522057652572101438670807195076303",
"148852009278892113461914803942839280211",
"247530072585474083441594850150604125475",
"279560637154054723920761559897853486777",
"202655542227860580080550069313697685541",
"186980819649801847432774385003660928968",
"97828808855738792730905062881408925566",
"102081775963876061736136113440319348704",
"5999260320962753238441206982156248892",
"225298851476652200041146005344964915850",
"25926333490899675358408004217915439110",
"121271864338623016227831636388829667369",
"3261922525234354196880407410666053244",
"93490408030208102553449128636581277522",
"56169827678954796002461554515733955394",
"146434498251422795792724255787630145257",
"180061472657521040892563784991030675291",
"28456919384561916568486403753570021157",
"141591542593831588193439876159158717749",
"143026966034998223926469464146658131125",
"214863518128816089569328548838396476266",
"181159102842818032171371684569701144472",
"100549082727312540877472668665834378775",
"43581069938430831587912090271434024516",
"73651109845734901883398747017515852367",
"115445385881407562798806355037454872759",
"110463014747451642918800005342832693488",
"254069557418689661914117668276367867146",
"328830259662328988457898205652053121965",
"238858969565005325952513859319399381516",
"111234782651036060340979675411769789231",
"172081266457316932040744692285306655916",
"248566039298899952992969157639115673789",
"119985745181292829676238729059280428135",
"167694533597920009083942283657848514212",
"264725772127853413985386923114761986085",
"319322622918909763052091702521534025749",
"298957801119027805276587464952973149993",
"62837709564002461020449103231436455248",
"313049931741831224027067891725458321568",
"234345581826703249538457366286627621387",
"200300177457112355832449360393082008763",
"48551747108970203382132381719056013424",
"274300588330689046282791831363004929420",
"309105406738991267509915155779836680981",
"310052527010005599966394898527644151396"
],
"threshold": 0.9
},
"target": {
"file": "src/dec/vp8l_dec.c"
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/external/webp/+/3acf2aa5c074d5659c386c4462059b78489030e0"
}
],
"fixes": [
"https://android.googlesource.com/platform/external/webp/+/3acf2aa5c074d5659c386c4462059b78489030e0"
]
}