PUB-A-173473906

See a problem?
Import Source
https://storage.googleapis.com/android-osv/PUB-A-173473906.json
JSON Data
https://api.osv.dev/v1/vulns/PUB-A-173473906
Aliases
Published
2021-06-01T00:00:00Z
Modified
2026-04-17T15:55:28.020024Z
Summary
[none]
Details

In fillMainDataBuf of pvmp3_framedecoder.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

References

Affected packages

Android / platform/frameworks/av

Package

Name
platform/frameworks/av

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2021-06-01

Affected versions

Other
11

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "293797302228071633464526393653512212358",
                    "194408749592349630679277926751866505811",
                    "265216304529935388184389236603210923382",
                    "99891634823715483501898592333318890353",
                    "151670970261351436810416605515688262733",
                    "134702225329079229238339115777875359804",
                    "279460579511376967790585316174588197029",
                    "262680279748910785327260243555723466201",
                    "256449929897296075472208456890390018417",
                    "74914808464419985033693289305175865305",
                    "242652940077587176677110769447789862646",
                    "125296010726038879862062066713083226813",
                    "93140174556828749213919550582027907677",
                    "304874117891085880207039148465534010172",
                    "302428685006639890990796215503149761785",
                    "189030640590743404890054361091078431209",
                    "46207336480574915503612845485509415929",
                    "17044964744115648040156747980697241444",
                    "92082536629168664549167920208548419220",
                    "36793552561398743819051664877114457512",
                    "169298477066617655296210649508686288587",
                    "119142169220347366342828057813996981868",
                    "33351768027277512992257872736510737048",
                    "257186600609174655438253770054808097958",
                    "249186156668277998137571686618648117958"
                ]
            },
            "id": "PUB-A-173473906-a8a75f47",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/b82dca76225fa11cf782127e4bcccd1fdf5fad17",
            "target": {
                "file": "media/libstagefright/codecs/mp3dec/src/pvmp3_framedecoder.cpp"
            }
        },
        {
            "digest": {
                "length": 1305.0,
                "function_hash": "249533559069113622062965814695487421542"
            },
            "id": "PUB-A-173473906-b4dddc5a",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/b82dca76225fa11cf782127e4bcccd1fdf5fad17",
            "target": {
                "function": "fillMainDataBuf",
                "file": "media/libstagefright/codecs/mp3dec/src/pvmp3_framedecoder.cpp"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/av/+/b82dca76225fa11cf782127e4bcccd1fdf5fad17"
    ],
    "types": [
        "ID"
    ],
    "spl": "2021-06-01",
    "severity": "Moderate"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/PUB-A-173473906.json"