ASB-A-389681152
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-389681152.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-389681152
- Aliases
-
- A-389681152
- CVE-2025-32327
- Published
- 2025-09-01T00:00:00Z
- Modified
- 2026-03-09T15:09:45.114269Z
- Summary
- [none]
- Details
-
In multiple functions of PickerDbFacade.java, there is a possible unauthorized data access due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android
platform/packages/providers/MediaProvider
Package
- Name
- platform/packages/providers/MediaProvider
Ecosystem specific
{
"vanir_signatures": [
{
"target": {
"function": "getMediaStoreProjectionLocked",
"file": "src/com/android/providers/media/photopicker/data/PickerDbFacade.java"
},
"id": "ASB-A-389681152-218ad758",
"digest": {
"function_hash": "4915966484935293118475914909492300688",
"length": 1410.0
},
"source": "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/edf1da4372d8353b63799b9d015d34e08dff1418",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"target": {
"function": "queryMediaIdForAppsLocked",
"file": "src/com/android/providers/media/photopicker/data/PickerDbFacade.java"
},
"id": "ASB-A-389681152-6fea2916",
"digest": {
"function_hash": "176306962565292791206418801849299486261",
"length": 221.0
},
"source": "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/edf1da4372d8353b63799b9d015d34e08dff1418",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"target": {
"file": "src/com/android/providers/media/photopicker/data/PickerDbFacade.java"
},
"id": "ASB-A-389681152-7927a398",
"digest": {
"line_hashes": [
"21990850938136317384576549665291009456",
"212013331839893331275700460516971610682",
"166672834487217053149626947348507049429",
"27214721703499055990970083098196569713",
"11881510269876442169046478363800664261",
"145639420394533879648454737135015684149",
"237939683841997392511066084175089645524",
"292013551164952647604846030973893779822",
"256726391885782609560089524457902172924",
"279160596996518240210129160446617600677",
"284927992857137821156567789421023534065",
"204949772825126493125921440814780931129",
"277471265485857417979423115510437090713",
"10710875867105671979214721633188291510",
"274347521357724415810414664015940868947",
"328678467719169560561487477148541784675",
"239344677021765292382429593719967377063",
"285851813311975143694581100791744866378",
"222940882953702259188279053368828162733",
"278102782640395093774586280830574636529",
"248007194501421811141161683518028024504",
"212535148653683049737017438329497409105",
"333718063419555285629710217452474873499",
"8521698553587447549558144398527895219",
"218702381588418221880491095154632431224",
"38793654622621542419872818203584364690",
"149083842535624730294363011814102252263",
"7140490310283441656743930784574650252",
"229713914037368277642415942155967320752",
"59814420193552126261460394105397414463",
"295936784661755258391465305635186701351",
"336351701932079196319988861463847989829",
"156119247611660654611455899466465479402",
"26754614917494488044874470595467968421",
"44684735862020707077334738967035707079",
"90865448416952610303884991575221654240",
"272569282345055556916736226012258106478",
"28006663388105192912575972928862617606",
"69622670365094966066045011896359931013",
"200525368661201233865232646317006828100",
"240854349827441025977474833906298220434",
"36280082936109649693058436475617845679",
"17043646358359087725308495060116988325",
"104396105614229766083019748734993402983",
"90325725050772942100924906002563563517",
"185409041144409637643455609587902523076",
"36675673072963696858463127752733877591",
"146314786174933234317239158214859061072",
"184197284797209281074615684936844146305",
"313004621537797169409361010225496789646",
"139707410827818389324468457843612665990",
"169195266335300911605339686148811365371",
"154677462745697737308231820333250455984",
"300624583119904471199318303203709106056",
"149648882571666792649922757775189218598",
"42162439357756575977167926398101344600",
"68052160987197995546725854188654660659",
"147099097856517138168978582359653151984",
"294879630510704978839073537166871681257"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/edf1da4372d8353b63799b9d015d34e08dff1418",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line"
}
],
"types": [
"EoP"
],
"spl": "2025-09-01",
"fixes": [
"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/edf1da4372d8353b63799b9d015d34e08dff1418"
],
"severity": "High"
}platform/packages/providers/MediaProvider
Package
- Name
- platform/packages/providers/MediaProvider
Ecosystem specific
{
"vanir_signatures": [
{
"target": {
"file": "src/com/android/providers/media/photopicker/data/PickerDbFacade.java"
},
"id": "ASB-A-389681152-d6c96508",
"digest": {
"line_hashes": [
"21990850938136317384576549665291009456",
"212013331839893331275700460516971610682",
"166672834487217053149626947348507049429",
"27214721703499055990970083098196569713",
"11881510269876442169046478363800664261",
"145639420394533879648454737135015684149",
"260542537763001628944676189573767028130",
"143944566978769147854036088914844209052",
"21362846011292797046456197985274341604",
"128879192978444068659066842823013789523",
"284927992857137821156567789421023534065",
"204949772825126493125921440814780931129",
"277471265485857417979423115510437090713",
"10710875867105671979214721633188291510",
"274347521357724415810414664015940868947",
"328678467719169560561487477148541784675",
"239344677021765292382429593719967377063",
"285851813311975143694581100791744866378",
"222940882953702259188279053368828162733",
"278102782640395093774586280830574636529",
"248007194501421811141161683518028024504",
"212535148653683049737017438329497409105",
"333718063419555285629710217452474873499",
"8521698553587447549558144398527895219",
"218702381588418221880491095154632431224",
"38793654622621542419872818203584364690",
"149083842535624730294363011814102252263",
"7140490310283441656743930784574650252",
"229713914037368277642415942155967320752",
"59814420193552126261460394105397414463",
"295936784661755258391465305635186701351",
"336351701932079196319988861463847989829",
"156119247611660654611455899466465479402",
"26754614917494488044874470595467968421",
"44684735862020707077334738967035707079",
"90865448416952610303884991575221654240",
"272569282345055556916736226012258106478",
"28006663388105192912575972928862617606",
"69622670365094966066045011896359931013",
"200525368661201233865232646317006828100",
"240854349827441025977474833906298220434",
"36280082936109649693058436475617845679",
"17043646358359087725308495060116988325",
"104396105614229766083019748734993402983",
"90325725050772942100924906002563563517",
"185409041144409637643455609587902523076",
"36675673072963696858463127752733877591",
"146314786174933234317239158214859061072",
"184197284797209281074615684936844146305",
"313004621537797169409361010225496789646",
"139707410827818389324468457843612665990",
"169195266335300911605339686148811365371",
"154677462745697737308231820333250455984",
"300624583119904471199318303203709106056",
"149648882571666792649922757775189218598",
"42162439357756575977167926398101344600",
"68052160987197995546725854188654660659",
"147099097856517138168978582359653151984",
"294879630510704978839073537166871681257"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/0a11b2966d3925ff942e430205f81ae9c616619b",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line"
},
{
"target": {
"function": "getMediaStoreProjectionLocked",
"file": "src/com/android/providers/media/photopicker/data/PickerDbFacade.java"
},
"id": "ASB-A-389681152-e5277b4a",
"digest": {
"function_hash": "4915966484935293118475914909492300688",
"length": 1410.0
},
"source": "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/0a11b2966d3925ff942e430205f81ae9c616619b",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"target": {
"function": "queryMediaIdForAppsLocked",
"file": "src/com/android/providers/media/photopicker/data/PickerDbFacade.java"
},
"id": "ASB-A-389681152-e6e22550",
"digest": {
"function_hash": "191259405826578647415992423152298884871",
"length": 218.0
},
"source": "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/0a11b2966d3925ff942e430205f81ae9c616619b",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
}
],
"types": [
"EoP"
],
"spl": "2025-09-01",
"fixes": [
"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/0a11b2966d3925ff942e430205f81ae9c616619b"
],
"severity": "High"
}platform/packages/providers/MediaProvider
Package
- Name
- platform/packages/providers/MediaProvider
Ecosystem specific
{
"vanir_signatures": [
{
"target": {
"function": "getMediaStoreProjectionLocked",
"file": "src/com/android/providers/media/photopicker/data/PickerDbFacade.java"
},
"id": "ASB-A-389681152-43fde2be",
"digest": {
"function_hash": "107857858586178503447752297230556885123",
"length": 1391.0
},
"source": "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/85181bd232dd7c47438dfe94b3df725ad982025f",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"target": {
"file": "src/com/android/providers/media/photopicker/data/PickerDbFacade.java"
},
"id": "ASB-A-389681152-502d25af",
"digest": {
"line_hashes": [
"21990850938136317384576549665291009456",
"212013331839893331275700460516971610682",
"151434131861079324718152811641740688588",
"96331864028362290026127209577260943811",
"307360004551836535288194517937908209988",
"283455976942604063503403282584237682171",
"142981105461406937973061294597040260643",
"117650762279172680306425460936570243796",
"33172796747364015643810413048877417210",
"170591907660922576159042248774946078868",
"165437359447662297105972056449975713733",
"331615834797061441708562838567747945937",
"46283257269341038848124458228692322710",
"334745342630154307653093758366246641453",
"328678467719169560561487477148541784675",
"116421996356543247842427792393702871000",
"49453522115400654019711383400374545329",
"246642565059240821528535737969995990900",
"44148908005661428404034992288376516365",
"212535148653683049737017438329497409105",
"333718063419555285629710217452474873499",
"8521698553587447549558144398527895219",
"218702381588418221880491095154632431224",
"38793654622621542419872818203584364690",
"149083842535624730294363011814102252263",
"7140490310283441656743930784574650252",
"229713914037368277642415942155967320752",
"59814420193552126261460394105397414463",
"295936784661755258391465305635186701351",
"336351701932079196319988861463847989829",
"156119247611660654611455899466465479402",
"26754614917494488044874470595467968421",
"44684735862020707077334738967035707079",
"90865448416952610303884991575221654240",
"272569282345055556916736226012258106478",
"28006663388105192912575972928862617606",
"69622670365094966066045011896359931013",
"200525368661201233865232646317006828100",
"240854349827441025977474833906298220434",
"36280082936109649693058436475617845679",
"17043646358359087725308495060116988325",
"104396105614229766083019748734993402983",
"90325725050772942100924906002563563517",
"185409041144409637643455609587902523076",
"36675673072963696858463127752733877591",
"146314786174933234317239158214859061072",
"184197284797209281074615684936844146305",
"313004621537797169409361010225496789646",
"139707410827818389324468457843612665990",
"169195266335300911605339686148811365371",
"154677462745697737308231820333250455984",
"300624583119904471199318303203709106056",
"149648882571666792649922757775189218598",
"42162439357756575977167926398101344600",
"68052160987197995546725854188654660659",
"147099097856517138168978582359653151984",
"294879630510704978839073537166871681257"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/85181bd232dd7c47438dfe94b3df725ad982025f",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line"
},
{
"target": {
"function": "queryMediaIdForAppsInternal",
"file": "src/com/android/providers/media/photopicker/data/PickerDbFacade.java"
},
"id": "ASB-A-389681152-88f9b827",
"digest": {
"function_hash": "139156383599378954752546838216735920276",
"length": 196.0
},
"source": "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/85181bd232dd7c47438dfe94b3df725ad982025f",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
}
],
"types": [
"EoP"
],
"spl": "2025-09-01",
"fixes": [
"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/85181bd232dd7c47438dfe94b3df725ad982025f"
],
"severity": "High"
}