ASB-A-190188264

Import Source
https://storage.googleapis.com/android-osv/ASB-A-190188264.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-190188264
Aliases
  • A-190188264
  • CVE-2021-0689
Published
2021-09-01T00:00:00Z
Modified
2024-08-07T19:30:03.385387Z
Summary
imagedecoder_png_fuzzer: Heap-buffer-overflow in ssse3::RGB_to_BGR1
Details

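In RGB_to_BGR1_portable of SkSwizzler_opts.h, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Note that the Vanir signatures on this page target AutoCleanPng::infoCallback in src/codec/SkPngCodec.cpp, so the listed fix commits appear to change the PNG codec rather than the swizzle routine named here.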

References

Affected packages

Android / platform/external/skia

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.1:0
Fixed
8.1:2021-09-01

Affected versions

8.*

8.1

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 2480.0,
                "function_hash": "285395463373915393347545701890417304026"
            },
            "id": "ASB-A-190188264-18d2364b",
            "source": "https://android.googlesource.com/platform/external/skia/+/a9aecd9f2c1f9a099cd215071f7eefd16716b78d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/codec/SkPngCodec.cpp",
                "function": "AutoCleanPng::infoCallback"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "183372306349494195711233200201906401609",
                    "335547607736632111091228371608756708370",
                    "19009387314362901367046143492276289475",
                    "265982299011217530669767913301086045165",
                    "130113877502114924679451253444039237699",
                    "338365214205985552224790986353001719399",
                    "75587140542545983769323770029755648260",
                    "134329723228639152069666605033475035357",
                    "35737381001436890795022336164807692117",
                    "80794029022840003927332240915561277619"
                ]
            },
            "id": "ASB-A-190188264-d87e21bd",
            "source": "https://android.googlesource.com/platform/external/skia/+/a9aecd9f2c1f9a099cd215071f7eefd16716b78d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/codec/SkPngCodec.cpp"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/external/skia/+/a9aecd9f2c1f9a099cd215071f7eefd16716b78d"
    ],
    "spl": "2021-09-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/external/skia

Affected ranges

Type
ECOSYSTEM
Events
Introduced
9:0
Fixed
9:2021-09-01

Affected versions

Other

9

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 2892.0,
                "function_hash": "231182096711003808708792943300110672945"
            },
            "id": "ASB-A-190188264-107cb53b",
            "source": "https://android.googlesource.com/platform/external/skia/+/6a2a767f72c965775fa1740bfcdc57c24488ac6a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/codec/SkPngCodec.cpp",
                "function": "AutoCleanPng::infoCallback"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "10994850540922420492930445393929156302",
                    "255921365869658759796708459551026119000",
                    "67367156035029590188715067878742124319",
                    "276120219403427079990568762938266351640",
                    "134329723228639152069666605033475035357",
                    "292673673292277796286139533192802842706",
                    "25850175388776453459710090526632050636"
                ]
            },
            "id": "ASB-A-190188264-e8321356",
            "source": "https://android.googlesource.com/platform/external/skia/+/6a2a767f72c965775fa1740bfcdc57c24488ac6a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/codec/SkPngCodec.cpp"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/external/skia/+/6a2a767f72c965775fa1740bfcdc57c24488ac6a"
    ],
    "spl": "2021-09-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/external/skia

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2021-09-01

Affected versions

Other

10

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 2775.0,
                "function_hash": "182473588981492821971434054563942896719"
            },
            "id": "ASB-A-190188264-0079802e",
            "source": "https://android.googlesource.com/platform/external/skia/+/f6de97fce5c06b0388d278f63179d7282c136e2e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/codec/SkPngCodec.cpp",
                "function": "AutoCleanPng::infoCallback"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "296164426771448767332794563870631957363",
                    "214802071101549081086748596673695376295",
                    "195191014024978020949360166116147171196",
                    "102281431097298178247267434048113930391",
                    "31880433092381863557589344417693260984",
                    "154609196070311678013871019635961844850",
                    "292060001566329102689319086667241910242",
                    "59358462761040295415055082760931036899",
                    "255921365869658759796708459551026119000",
                    "67367156035029590188715067878742124319",
                    "276120219403427079990568762938266351640",
                    "156273438097299005783040256352212825291",
                    "215376580948269150805891928936305255299",
                    "326564530949482491645081094487191766888",
                    "44893127217249116336724495894078550729",
                    "239799770277090836066355796810986406786",
                    "116214531548337953171757164617868497614",
                    "327439198515478220226181053636193154079"
                ]
            },
            "id": "ASB-A-190188264-eb946bec",
            "source": "https://android.googlesource.com/platform/external/skia/+/f6de97fce5c06b0388d278f63179d7282c136e2e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/codec/SkPngCodec.cpp"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/external/skia/+/f6de97fce5c06b0388d278f63179d7282c136e2e"
    ],
    "spl": "2021-09-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/external/skia

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2021-09-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "296164426771448767332794563870631957363",
                    "214802071101549081086748596673695376295",
                    "195191014024978020949360166116147171196",
                    "102281431097298178247267434048113930391",
                    "31880433092381863557589344417693260984",
                    "154609196070311678013871019635961844850",
                    "292060001566329102689319086667241910242",
                    "59358462761040295415055082760931036899",
                    "255921365869658759796708459551026119000",
                    "67367156035029590188715067878742124319",
                    "276120219403427079990568762938266351640",
                    "156273438097299005783040256352212825291",
                    "215376580948269150805891928936305255299",
                    "326564530949482491645081094487191766888",
                    "44893127217249116336724495894078550729",
                    "239799770277090836066355796810986406786",
                    "116214531548337953171757164617868497614",
                    "327439198515478220226181053636193154079"
                ]
            },
            "id": "ASB-A-190188264-185dc744",
            "source": "https://android.googlesource.com/platform/external/skia/+/f6de97fce5c06b0388d278f63179d7282c136e2e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/codec/SkPngCodec.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 2775.0,
                "function_hash": "182473588981492821971434054563942896719"
            },
            "id": "ASB-A-190188264-6af31f75",
            "source": "https://android.googlesource.com/platform/external/skia/+/f6de97fce5c06b0388d278f63179d7282c136e2e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/codec/SkPngCodec.cpp",
                "function": "AutoCleanPng::infoCallback"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/external/skia/+/f6de97fce5c06b0388d278f63179d7282c136e2e"
    ],
    "spl": "2021-09-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}