ASB-A-152496149

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-152496149.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-152496149
Aliases
  • A-152496149
  • CVE-2020-0245
Published
2020-09-01T00:00:00Z
Modified
2024-08-07T19:29:31.344926Z
Summary
mpeg4_dec_fuzzer: Tag-mismatch in DecodeFrameCombinedMode
Details

In DecodeFrameCombinedMode of combined_decode.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

References

Affected packages

Android / platform/frameworks/av

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.0:0
Fixed
8.0:2020-09-01

Affected versions

8.*

8.0

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "334726445611040651805308518657547502328",
                    "302165643461263201211534998004767159937",
                    "226269220506570919067913862504097789007",
                    "207993031518915275674796219289714529616",
                    "61525047071483516889569781706181810859",
                    "70006150308981293561223273089275553736",
                    "256576577570968665084339381138057802861"
                ]
            },
            "id": "ASB-A-152496149-58887e11",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/b875a5fe0db2e2d4bf44746bb8ca4dc1e959925e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/libstagefright/codecs/m4v_h263/dec/src/vop.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 10648.0,
                "function_hash": "288748447126358271450202249967440015477"
            },
            "id": "ASB-A-152496149-a3763bb8",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/b875a5fe0db2e2d4bf44746bb8ca4dc1e959925e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/libstagefright/codecs/m4v_h263/dec/src/vop.cpp",
                "function": "DecodeVOLHeader"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/av/+/b875a5fe0db2e2d4bf44746bb8ca4dc1e959925e"
    ],
    "spl": "2020-09-01",
    "severity": "Critical",
    "types": [
        "RCE"
    ]
}

Android / platform/frameworks/av

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.1:0
Fixed
8.1:2020-09-01

Affected versions

8.*

8.1

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "334726445611040651805308518657547502328",
                    "302165643461263201211534998004767159937",
                    "226269220506570919067913862504097789007",
                    "207993031518915275674796219289714529616",
                    "61525047071483516889569781706181810859",
                    "70006150308981293561223273089275553736",
                    "256576577570968665084339381138057802861"
                ]
            },
            "id": "ASB-A-152496149-02beaeb9",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/b875a5fe0db2e2d4bf44746bb8ca4dc1e959925e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/libstagefright/codecs/m4v_h263/dec/src/vop.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 10648.0,
                "function_hash": "288748447126358271450202249967440015477"
            },
            "id": "ASB-A-152496149-deddc686",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/b875a5fe0db2e2d4bf44746bb8ca4dc1e959925e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/libstagefright/codecs/m4v_h263/dec/src/vop.cpp",
                "function": "DecodeVOLHeader"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/av/+/b875a5fe0db2e2d4bf44746bb8ca4dc1e959925e"
    ],
    "spl": "2020-09-01",
    "severity": "Critical",
    "types": [
        "RCE"
    ]
}

Android / platform/frameworks/av

Affected ranges

Type
ECOSYSTEM
Events
Introduced
9:0
Fixed
9:2020-09-01

Affected versions

Other

9

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 10648.0,
                "function_hash": "288748447126358271450202249967440015477"
            },
            "id": "ASB-A-152496149-21ce42d7",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/b875a5fe0db2e2d4bf44746bb8ca4dc1e959925e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/libstagefright/codecs/m4v_h263/dec/src/vop.cpp",
                "function": "DecodeVOLHeader"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "334726445611040651805308518657547502328",
                    "302165643461263201211534998004767159937",
                    "226269220506570919067913862504097789007",
                    "207993031518915275674796219289714529616",
                    "61525047071483516889569781706181810859",
                    "70006150308981293561223273089275553736",
                    "256576577570968665084339381138057802861"
                ]
            },
            "id": "ASB-A-152496149-b385b279",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/b875a5fe0db2e2d4bf44746bb8ca4dc1e959925e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/libstagefright/codecs/m4v_h263/dec/src/vop.cpp"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/av/+/b875a5fe0db2e2d4bf44746bb8ca4dc1e959925e"
    ],
    "spl": "2020-09-01",
    "severity": "Critical",
    "types": [
        "RCE"
    ]
}

Android / platform/frameworks/av

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2020-09-01

Affected versions

Other

10

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "334726445611040651805308518657547502328",
                    "302165643461263201211534998004767159937",
                    "226269220506570919067913862504097789007",
                    "207993031518915275674796219289714529616",
                    "61525047071483516889569781706181810859",
                    "70006150308981293561223273089275553736",
                    "256576577570968665084339381138057802861"
                ]
            },
            "id": "ASB-A-152496149-410df9d8",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/b875a5fe0db2e2d4bf44746bb8ca4dc1e959925e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/libstagefright/codecs/m4v_h263/dec/src/vop.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 10648.0,
                "function_hash": "288748447126358271450202249967440015477"
            },
            "id": "ASB-A-152496149-6720f5a7",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/b875a5fe0db2e2d4bf44746bb8ca4dc1e959925e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/libstagefright/codecs/m4v_h263/dec/src/vop.cpp",
                "function": "DecodeVOLHeader"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/av/+/b875a5fe0db2e2d4bf44746bb8ca4dc1e959925e"
    ],
    "spl": "2020-09-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}