In convertCbYCrY of ColorConverter.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"types": [
"ID"
],
"severity": "Moderate",
"spl": "2023-06-01",
"vanir_signatures": [
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "123988967678890240294577453835414320223",
"length": 915.0
},
"target": {
"function": "getReadFromSrc",
"file": "media/libstagefright/colorconversion/ColorConverter.cpp"
},
"id": "PUB-A-253270285-6d297dc3",
"source": "https://android.googlesource.com/platform/frameworks/av/+/c08c1043f5885aa068aedbdf51d24fe9e263553f",
"signature_type": "Function"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"247606929921569637163089663459307512815",
"162468755297891912520422811693842132036",
"254432283313079325491194098881992855387",
"38881760499021515293662628603536897904",
"328226532138181082401936676670306588090",
"223829474420745526143126951000763899214",
"89207115104440282910131881837841512723",
"37105404677024232302250704522779804820",
"191072364846845926947077829811628946789",
"254905477409565341869506942169404237354",
"230556549267049151037759073922662946064",
"132689681402242674585451810505020103616",
"127374590885222521170458991891530404016",
"37792625455219703577659786099840613656",
"334346829381369127124127847900752248974",
"251027418843848625708820634607306862935",
"252267306090320544493362491608696949966",
"304388302561184395785218750226908815079",
"302257822095487733467440345717112928434",
"51517603708237311385015694210021784755",
"153852415568437632301780515290025639024",
"222671634347578686984383990285938928500",
"64737848183103375083224713255938333630",
"309718538296508665938643380545298306683",
"326783346937967787988499727122846398347",
"188716468207015984329505888894128118422",
"173909383261093392288234898638705334209",
"2795576634361627858378244162203156224",
"277019259381017583880767045344505972759",
"127591723109083262272306948022416211084",
"244212880500451180977978914472399953275",
"245962444517351300916559881204843075394",
"108264517671512425861420479481068638280",
"266156898699292782649407271617747039532",
"88990028098950162462757902336410846998",
"86554587238856826418566951732715549806",
"179841912767205726522844395268755182685",
"258935848626569663700681253271609166599",
"286009444894696987403124801589270818407",
"152068414452839869933155231066257268780",
"274223732432458761780875226743089912887",
"245962444517351300916559881204843075394",
"327663425995239953195917693979278945829",
"122403152652220414800525444798360945519",
"138160945716980754434899655271767454546",
"258713258250791638393243588466923101301",
"326420902817349070757773297337322329403",
"1668478677806568720607612099697871094",
"259149532170830187873756892469351622375",
"43827774730289096105614596117763855572",
"311381044966032296506437904171191058104",
"322622525603614549278974782514718083560",
"93328457853236515700818708390660839266",
"79381425374988155611771167746572191424",
"37650678641863238555968970234472570383",
"322960926552301589612007239303523125546",
"17562178531261807354693057721626487772",
"324319691231371479834091629622722939693",
"331667421718573721976660854424528278825",
"19065740997626026515176964334817499385",
"246057523372482277008534301905817602565",
"241897056460525402074328496747551091226",
"122496031412997421973013804924399759407",
"40778205112221055732915665459379534726",
"221767472228342591091669781024425144422"
],
"threshold": 0.9
},
"target": {
"file": "media/libstagefright/colorconversion/ColorConverter.cpp"
},
"id": "PUB-A-253270285-72942b13",
"source": "https://android.googlesource.com/platform/frameworks/av/+/c08c1043f5885aa068aedbdf51d24fe9e263553f",
"signature_type": "Line"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "76283737745877963792457644205336706908",
"length": 386.0
},
"target": {
"function": "ColorConverter::convertTIYUV420PackedSemiPlanar",
"file": "media/libstagefright/colorconversion/ColorConverter.cpp"
},
"id": "PUB-A-253270285-79e84056",
"source": "https://android.googlesource.com/platform/frameworks/av/+/c08c1043f5885aa068aedbdf51d24fe9e263553f",
"signature_type": "Function"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "196635619474923974999661075454352066057",
"length": 1900.0
},
"target": {
"function": "ColorConverter::convertCbYCrY",
"file": "media/libstagefright/colorconversion/ColorConverter.cpp"
},
"id": "PUB-A-253270285-a5f48cfa",
"source": "https://android.googlesource.com/platform/frameworks/av/+/c08c1043f5885aa068aedbdf51d24fe9e263553f",
"signature_type": "Function"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "131743926513006185395435228416380509161",
"length": 805.0
},
"target": {
"function": "ColorConversionFuzzer::getFrameSize",
"file": "media/libstagefright/colorconversion/fuzzer/color_conversion_fuzzer.cpp"
},
"id": "PUB-A-253270285-bfc10c17",
"source": "https://android.googlesource.com/platform/frameworks/av/+/c08c1043f5885aa068aedbdf51d24fe9e263553f",
"signature_type": "Function"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"218621079050653049139810160769239426565",
"108659759287823854966032310642045376969",
"92455655434855914212888217653088167019",
"227302074224894561506382621427985180267",
"187414483899263778587979468452781787230",
"214110847614600612348865867415367245332",
"163472157240168647643119683323031868073"
],
"threshold": 0.9
},
"target": {
"file": "media/libstagefright/include/media/stagefright/ColorConverter.h"
},
"id": "PUB-A-253270285-c4c6ab36",
"source": "https://android.googlesource.com/platform/frameworks/av/+/c08c1043f5885aa068aedbdf51d24fe9e263553f",
"signature_type": "Line"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "239512189187503554837704287213771624329",
"length": 1910.0
},
"target": {
"function": "ColorConverter::convert",
"file": "media/libstagefright/colorconversion/ColorConverter.cpp"
},
"id": "PUB-A-253270285-c5c975e4",
"source": "https://android.googlesource.com/platform/frameworks/av/+/c08c1043f5885aa068aedbdf51d24fe9e263553f",
"signature_type": "Function"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"165488080103468868855818276930705579619",
"291697450291301355739440695941383161090",
"161276000092022105230073210195997540165",
"135212426967586381271980294992681211221",
"206064782891592509690218425122761889639",
"335133680877517350073721952159561753370",
"161996591879633750008082456825890203320",
"189889676744187243835150914468573082182"
],
"threshold": 0.9
},
"target": {
"file": "media/libstagefright/colorconversion/fuzzer/color_conversion_fuzzer.cpp"
},
"id": "PUB-A-253270285-dfdc3f36",
"source": "https://android.googlesource.com/platform/frameworks/av/+/c08c1043f5885aa068aedbdf51d24fe9e263553f",
"signature_type": "Line"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "336745774048628856118042949219496504276",
"length": 418.0
},
"target": {
"function": "ColorConverter::convertQCOMYUV420SemiPlanar",
"file": "media/libstagefright/colorconversion/ColorConverter.cpp"
},
"id": "PUB-A-253270285-e0d6185b",
"source": "https://android.googlesource.com/platform/frameworks/av/+/c08c1043f5885aa068aedbdf51d24fe9e263553f",
"signature_type": "Function"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "238372230084816672022644670230890856922",
"length": 1979.0
},
"target": {
"function": "ColorConverter::convertYUV420SemiPlanarBase",
"file": "media/libstagefright/colorconversion/ColorConverter.cpp"
},
"id": "PUB-A-253270285-f95cfaec",
"source": "https://android.googlesource.com/platform/frameworks/av/+/c08c1043f5885aa068aedbdf51d24fe9e263553f",
"signature_type": "Function"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "218366344756698997654754663693312477268",
"length": 429.0
},
"target": {
"function": "ColorConverter::convertYUV420SemiPlanar",
"file": "media/libstagefright/colorconversion/ColorConverter.cpp"
},
"id": "PUB-A-253270285-ffcacf9f",
"source": "https://android.googlesource.com/platform/frameworks/av/+/c08c1043f5885aa068aedbdf51d24fe9e263553f",
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/av/+/c08c1043f5885aa068aedbdf51d24fe9e263553f"
]
}
{
"types": [
"ID"
],
"severity": "Moderate",
"spl": "2023-06-01",
"vanir_signatures": [
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "76283737745877963792457644205336706908",
"length": 386.0
},
"target": {
"function": "ColorConverter::convertTIYUV420PackedSemiPlanar",
"file": "media/libstagefright/colorconversion/ColorConverter.cpp"
},
"id": "PUB-A-253270285-015d8fda",
"source": "https://android.googlesource.com/platform/frameworks/av/+/9911928440f6bd233806d83d179947f103ebc6ef",
"signature_type": "Function"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "238372230084816672022644670230890856922",
"length": 1979.0
},
"target": {
"function": "ColorConverter::convertYUV420SemiPlanarBase",
"file": "media/libstagefright/colorconversion/ColorConverter.cpp"
},
"id": "PUB-A-253270285-12236729",
"source": "https://android.googlesource.com/platform/frameworks/av/+/9911928440f6bd233806d83d179947f103ebc6ef",
"signature_type": "Function"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "336745774048628856118042949219496504276",
"length": 418.0
},
"target": {
"function": "ColorConverter::convertQCOMYUV420SemiPlanar",
"file": "media/libstagefright/colorconversion/ColorConverter.cpp"
},
"id": "PUB-A-253270285-1d1f4a59",
"source": "https://android.googlesource.com/platform/frameworks/av/+/9911928440f6bd233806d83d179947f103ebc6ef",
"signature_type": "Function"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "196635619474923974999661075454352066057",
"length": 1900.0
},
"target": {
"function": "ColorConverter::convertCbYCrY",
"file": "media/libstagefright/colorconversion/ColorConverter.cpp"
},
"id": "PUB-A-253270285-5fa7a06e",
"source": "https://android.googlesource.com/platform/frameworks/av/+/9911928440f6bd233806d83d179947f103ebc6ef",
"signature_type": "Function"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "123988967678890240294577453835414320223",
"length": 915.0
},
"target": {
"function": "getReadFromSrc",
"file": "media/libstagefright/colorconversion/ColorConverter.cpp"
},
"id": "PUB-A-253270285-64b0fd9f",
"source": "https://android.googlesource.com/platform/frameworks/av/+/9911928440f6bd233806d83d179947f103ebc6ef",
"signature_type": "Function"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "239512189187503554837704287213771624329",
"length": 1910.0
},
"target": {
"function": "ColorConverter::convert",
"file": "media/libstagefright/colorconversion/ColorConverter.cpp"
},
"id": "PUB-A-253270285-6d42617a",
"source": "https://android.googlesource.com/platform/frameworks/av/+/9911928440f6bd233806d83d179947f103ebc6ef",
"signature_type": "Function"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"247606929921569637163089663459307512815",
"162468755297891912520422811693842132036",
"254432283313079325491194098881992855387",
"38881760499021515293662628603536897904",
"328226532138181082401936676670306588090",
"223829474420745526143126951000763899214",
"89207115104440282910131881837841512723",
"37105404677024232302250704522779804820",
"191072364846845926947077829811628946789",
"254905477409565341869506942169404237354",
"230556549267049151037759073922662946064",
"132689681402242674585451810505020103616",
"127374590885222521170458991891530404016",
"37792625455219703577659786099840613656",
"334346829381369127124127847900752248974",
"251027418843848625708820634607306862935",
"252267306090320544493362491608696949966",
"304388302561184395785218750226908815079",
"302257822095487733467440345717112928434",
"51517603708237311385015694210021784755",
"153852415568437632301780515290025639024",
"222671634347578686984383990285938928500",
"64737848183103375083224713255938333630",
"309718538296508665938643380545298306683",
"326783346937967787988499727122846398347",
"188716468207015984329505888894128118422",
"173909383261093392288234898638705334209",
"2795576634361627858378244162203156224",
"277019259381017583880767045344505972759",
"127591723109083262272306948022416211084",
"244212880500451180977978914472399953275",
"245962444517351300916559881204843075394",
"108264517671512425861420479481068638280",
"266156898699292782649407271617747039532",
"88990028098950162462757902336410846998",
"86554587238856826418566951732715549806",
"179841912767205726522844395268755182685",
"258935848626569663700681253271609166599",
"286009444894696987403124801589270818407",
"152068414452839869933155231066257268780",
"274223732432458761780875226743089912887",
"245962444517351300916559881204843075394",
"327663425995239953195917693979278945829",
"122403152652220414800525444798360945519",
"138160945716980754434899655271767454546",
"258713258250791638393243588466923101301",
"326420902817349070757773297337322329403",
"1668478677806568720607612099697871094",
"259149532170830187873756892469351622375",
"43827774730289096105614596117763855572",
"311381044966032296506437904171191058104",
"322622525603614549278974782514718083560",
"93328457853236515700818708390660839266",
"79381425374988155611771167746572191424",
"37650678641863238555968970234472570383",
"322960926552301589612007239303523125546",
"17562178531261807354693057721626487772",
"324319691231371479834091629622722939693",
"331667421718573721976660854424528278825",
"19065740997626026515176964334817499385",
"246057523372482277008534301905817602565",
"241897056460525402074328496747551091226",
"122496031412997421973013804924399759407",
"40778205112221055732915665459379534726",
"221767472228342591091669781024425144422"
],
"threshold": 0.9
},
"target": {
"file": "media/libstagefright/colorconversion/ColorConverter.cpp"
},
"id": "PUB-A-253270285-77e262c0",
"source": "https://android.googlesource.com/platform/frameworks/av/+/9911928440f6bd233806d83d179947f103ebc6ef",
"signature_type": "Line"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "218366344756698997654754663693312477268",
"length": 429.0
},
"target": {
"function": "ColorConverter::convertYUV420SemiPlanar",
"file": "media/libstagefright/colorconversion/ColorConverter.cpp"
},
"id": "PUB-A-253270285-83b84378",
"source": "https://android.googlesource.com/platform/frameworks/av/+/9911928440f6bd233806d83d179947f103ebc6ef",
"signature_type": "Function"
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"218621079050653049139810160769239426565",
"108659759287823854966032310642045376969",
"92455655434855914212888217653088167019",
"227302074224894561506382621427985180267",
"187414483899263778587979468452781787230",
"214110847614600612348865867415367245332",
"163472157240168647643119683323031868073"
],
"threshold": 0.9
},
"target": {
"file": "media/libstagefright/include/media/stagefright/ColorConverter.h"
},
"id": "PUB-A-253270285-bb8a19cc",
"source": "https://android.googlesource.com/platform/frameworks/av/+/9911928440f6bd233806d83d179947f103ebc6ef",
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/av/+/9911928440f6bd233806d83d179947f103ebc6ef"
]
}