PUB-A-215212561

See a problem?
Import Source
https://storage.googleapis.com/android-osv/PUB-A-215212561.json
JSON Data
https://api.osv.dev/v1/vulns/PUB-A-215212561
Aliases
Published
2022-06-01T00:00:00Z
Modified
2026-05-01T15:24:27.653932Z
Summary
[none]
Details

In isFileUri of FileUtil.java, there is a possible way to bypass the check for a file:// scheme due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/packages/apps/Messaging

Package

Name
platform/packages/apps/Messaging

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L-next:0
Fixed
12L-next:2022-06-01

Affected versions

Other
12L-next

Ecosystem specific 

{
    "severity": "Moderate",
    "spl": "2022-06-01",
    "vanir_signatures": [
        {
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "55151738822368162832341839954082388316",
                    "158532543148131802520662100669517338349",
                    "430341620960188749378931978653877775",
                    "257116361882594476370450298514782839007"
                ],
                "threshold": 0.9
            },
            "id": "PUB-A-215212561-14b8f296",
            "match_only_versions": [
                "12L-next"
            ],
            "source": "https://android.googlesource.com/platform/packages/apps/Messaging/+/ebc64c5bae620cb67808935b0fb61cf2cfce4a9c",
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/messaging/util/ImageUtils.java"
            },
            "deprecated": false
        },
        {
            "signature_type": "Function",
            "digest": {
                "length": 1153.0,
                "function_hash": "328102028242482894970860856334176688375"
            },
            "id": "PUB-A-215212561-542b68f1",
            "match_only_versions": [
                "12L-next"
            ],
            "source": "https://android.googlesource.com/platform/packages/apps/Messaging/+/ebc64c5bae620cb67808935b0fb61cf2cfce4a9c",
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/messaging/util/ImageUtils.java",
                "function": "resizeGifImage"
            },
            "deprecated": false
        },
        {
            "signature_type": "Function",
            "digest": {
                "length": 202.0,
                "function_hash": "86737825198178567318258606714352033387"
            },
            "id": "PUB-A-215212561-7fcc2b73",
            "match_only_versions": [
                "12L-next"
            ],
            "source": "https://android.googlesource.com/platform/packages/apps/Messaging/+/ebc64c5bae620cb67808935b0fb61cf2cfce4a9c",
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/messaging/util/FileUtil.java",
                "function": "isInPrivateDir"
            },
            "deprecated": false
        },
        {
            "signature_type": "Function",
            "digest": {
                "length": 127.0,
                "function_hash": "279445365553651897327282062363648628144"
            },
            "id": "PUB-A-215212561-971e8410",
            "match_only_versions": [
                "12L-next"
            ],
            "source": "https://android.googlesource.com/platform/packages/apps/Messaging/+/ebc64c5bae620cb67808935b0fb61cf2cfce4a9c",
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/messaging/util/FileUtil.java",
                "function": "isFileUri"
            },
            "deprecated": false
        },
        {
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "301304605707105986568318815528801431508",
                    "247194603926222060554680320145895243998",
                    "145901796073728064701950275761276492152",
                    "6369635545030450401114924997173265369",
                    "232426966261262354398890034281368853349",
                    "334385709999191821037257413146697906683",
                    "98211686701115947148831535440844800138",
                    "272619025638548499545829796009713234427",
                    "91950206126483064770472477229327269451"
                ],
                "threshold": 0.9
            },
            "id": "PUB-A-215212561-b21c21a6",
            "match_only_versions": [
                "12L-next"
            ],
            "source": "https://android.googlesource.com/platform/packages/apps/Messaging/+/ebc64c5bae620cb67808935b0fb61cf2cfce4a9c",
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/messaging/mmslib/pdu/PduPersister.java"
            },
            "deprecated": false
        },
        {
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "278221800015042108510720358144854156099",
                    "96926762268128381353059792894218726378",
                    "133980779932545692079384517201769998087",
                    "165637699960546409601489629862874630445",
                    "52500540636834501652623066649234039648",
                    "338473651741458288321596832034434836563",
                    "221349403753932766943465425292837114063",
                    "251803775468755073494165601775336491475"
                ],
                "threshold": 0.9
            },
            "id": "PUB-A-215212561-bccd8ddc",
            "match_only_versions": [
                "12L-next"
            ],
            "source": "https://android.googlesource.com/platform/packages/apps/Messaging/+/ebc64c5bae620cb67808935b0fb61cf2cfce4a9c",
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/messaging/util/FileUtil.java"
            },
            "deprecated": false
        },
        {
            "signature_type": "Function",
            "digest": {
                "length": 1122.0,
                "function_hash": "129045183642100473667765870766515312170"
            },
            "id": "PUB-A-215212561-c1ef1f80",
            "match_only_versions": [
                "12L-next"
            ],
            "source": "https://android.googlesource.com/platform/packages/apps/Messaging/+/ebc64c5bae620cb67808935b0fb61cf2cfce4a9c",
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/messaging/mmslib/pdu/PduPersister.java",
                "function": "convertUriToPath"
            },
            "deprecated": false
        }
    ],
    "types": [
        "ID"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Messaging/+/ebc64c5bae620cb67808935b0fb61cf2cfce4a9c"
    ]
}

Database specific

source 
"https://storage.googleapis.com/android-osv/PUB-A-215212561.json"

Android / platform/packages/apps/Messaging

Package

Name
platform/packages/apps/Messaging

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2022-06-01

Affected versions

Other
12L

Ecosystem specific 

{
    "severity": "Moderate",
    "spl": "2022-06-01",
    "vanir_signatures": [
        {
            "signature_type": "Function",
            "digest": {
                "length": 1122.0,
                "function_hash": "129045183642100473667765870766515312170"
            },
            "id": "PUB-A-215212561-140999fa",
            "match_only_versions": [
                "12L"
            ],
            "source": "https://android.googlesource.com/platform/packages/apps/Messaging/+/27e27d944b4e923ca9b81e7fdd6744f94cebb508",
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/messaging/mmslib/pdu/PduPersister.java",
                "function": "convertUriToPath"
            },
            "deprecated": false
        },
        {
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "55151738822368162832341839954082388316",
                    "158532543148131802520662100669517338349",
                    "430341620960188749378931978653877775",
                    "257116361882594476370450298514782839007"
                ],
                "threshold": 0.9
            },
            "id": "PUB-A-215212561-33ce77ba",
            "match_only_versions": [
                "12L"
            ],
            "source": "https://android.googlesource.com/platform/packages/apps/Messaging/+/27e27d944b4e923ca9b81e7fdd6744f94cebb508",
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/messaging/util/ImageUtils.java"
            },
            "deprecated": false
        },
        {
            "signature_type": "Function",
            "digest": {
                "length": 202.0,
                "function_hash": "86737825198178567318258606714352033387"
            },
            "id": "PUB-A-215212561-3d9c0bb9",
            "match_only_versions": [
                "12L"
            ],
            "source": "https://android.googlesource.com/platform/packages/apps/Messaging/+/27e27d944b4e923ca9b81e7fdd6744f94cebb508",
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/messaging/util/FileUtil.java",
                "function": "isInPrivateDir"
            },
            "deprecated": false
        },
        {
            "signature_type": "Function",
            "digest": {
                "length": 127.0,
                "function_hash": "279445365553651897327282062363648628144"
            },
            "id": "PUB-A-215212561-6b29dc16",
            "match_only_versions": [
                "12L"
            ],
            "source": "https://android.googlesource.com/platform/packages/apps/Messaging/+/27e27d944b4e923ca9b81e7fdd6744f94cebb508",
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/messaging/util/FileUtil.java",
                "function": "isFileUri"
            },
            "deprecated": false
        },
        {
            "signature_type": "Function",
            "digest": {
                "length": 1153.0,
                "function_hash": "328102028242482894970860856334176688375"
            },
            "id": "PUB-A-215212561-cb77d132",
            "match_only_versions": [
                "12L"
            ],
            "source": "https://android.googlesource.com/platform/packages/apps/Messaging/+/27e27d944b4e923ca9b81e7fdd6744f94cebb508",
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/messaging/util/ImageUtils.java",
                "function": "resizeGifImage"
            },
            "deprecated": false
        },
        {
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "301304605707105986568318815528801431508",
                    "247194603926222060554680320145895243998",
                    "145901796073728064701950275761276492152",
                    "6369635545030450401114924997173265369",
                    "232426966261262354398890034281368853349",
                    "334385709999191821037257413146697906683",
                    "98211686701115947148831535440844800138",
                    "272619025638548499545829796009713234427",
                    "91950206126483064770472477229327269451"
                ],
                "threshold": 0.9
            },
            "id": "PUB-A-215212561-cf8e7261",
            "match_only_versions": [
                "12L"
            ],
            "source": "https://android.googlesource.com/platform/packages/apps/Messaging/+/27e27d944b4e923ca9b81e7fdd6744f94cebb508",
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/messaging/mmslib/pdu/PduPersister.java"
            },
            "deprecated": false
        },
        {
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "278221800015042108510720358144854156099",
                    "96926762268128381353059792894218726378",
                    "133980779932545692079384517201769998087",
                    "165637699960546409601489629862874630445",
                    "52500540636834501652623066649234039648",
                    "338473651741458288321596832034434836563",
                    "221349403753932766943465425292837114063",
                    "251803775468755073494165601775336491475"
                ],
                "threshold": 0.9
            },
            "id": "PUB-A-215212561-fce40473",
            "match_only_versions": [
                "12L"
            ],
            "source": "https://android.googlesource.com/platform/packages/apps/Messaging/+/27e27d944b4e923ca9b81e7fdd6744f94cebb508",
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/messaging/util/FileUtil.java"
            },
            "deprecated": false
        }
    ],
    "types": [
        "ID"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Messaging/+/27e27d944b4e923ca9b81e7fdd6744f94cebb508"
    ]
}

Database specific

source 
"https://storage.googleapis.com/android-osv/PUB-A-215212561.json"