ASB-A-193363621

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-193363621.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-193363621
Aliases
  • A-193363621
  • CVE-2021-0964
Published
2021-12-01T00:00:00Z
Modified
2024-08-07T19:29:58.257162Z
Summary
C2FuzzerMp3Dec: Crash in android::SimpleC2Component::processQueue
Details

In C2SoftMP3::process() of C2SoftMp3Dec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

References

Affected packages

Android / platform/hardware/google/av

Affected ranges

Type
ECOSYSTEM
Events
Introduced
9:0
Fixed
9:2021-12-01

Affected versions

Other

9

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "43880098200668643346508557869682770055",
                    "318607763541445393655535403309768895787",
                    "276703186263668439432569423678666677466",
                    "126108513511708102732740812763650642324"
                ]
            },
            "id": "ASB-A-193363621-a507c647",
            "source": "https://android.googlesource.com/platform/hardware/google/av/+/c3e2eb596635757ef854ce288cd2cd9921d7fa45",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/codecs/mp3/C2SoftMp3Dec.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 5612.0,
                "function_hash": "135625351549208901408861286811622870460"
            },
            "id": "ASB-A-193363621-b5991258",
            "source": "https://android.googlesource.com/platform/hardware/google/av/+/c3e2eb596635757ef854ce288cd2cd9921d7fa45",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/codecs/mp3/C2SoftMp3Dec.cpp",
                "function": "C2SoftMP3::process"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/hardware/google/av/+/c3e2eb596635757ef854ce288cd2cd9921d7fa45"
    ],
    "spl": "2021-12-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/frameworks/av

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2021-12-01

Affected versions

Other

10

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "43880098200668643346508557869682770055",
                    "318607763541445393655535403309768895787",
                    "276703186263668439432569423678666677466",
                    "126108513511708102732740812763650642324"
                ]
            },
            "id": "ASB-A-193363621-283f9804",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/dc32721e28e79df4dd2f5bb896bcf586ebeda5e9",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/codec2/components/mp3/C2SoftMp3Dec.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 5619.0,
                "function_hash": "156248296851199659471483252604381389404"
            },
            "id": "ASB-A-193363621-65b7b2c4",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/dc32721e28e79df4dd2f5bb896bcf586ebeda5e9",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/codec2/components/mp3/C2SoftMp3Dec.cpp",
                "function": "C2SoftMP3::process"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/av/+/dc32721e28e79df4dd2f5bb896bcf586ebeda5e9"
    ],
    "spl": "2021-12-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/frameworks/av

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2021-12-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "43880098200668643346508557869682770055",
                    "318607763541445393655535403309768895787",
                    "276703186263668439432569423678666677466",
                    "126108513511708102732740812763650642324"
                ]
            },
            "id": "ASB-A-193363621-6c3c6e15",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/dc32721e28e79df4dd2f5bb896bcf586ebeda5e9",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/codec2/components/mp3/C2SoftMp3Dec.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 5619.0,
                "function_hash": "156248296851199659471483252604381389404"
            },
            "id": "ASB-A-193363621-fcdf0b06",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/dc32721e28e79df4dd2f5bb896bcf586ebeda5e9",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/codec2/components/mp3/C2SoftMp3Dec.cpp",
                "function": "C2SoftMP3::process"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/av/+/dc32721e28e79df4dd2f5bb896bcf586ebeda5e9"
    ],
    "spl": "2021-12-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/frameworks/av

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2021-12-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "43880098200668643346508557869682770055",
                    "318607763541445393655535403309768895787",
                    "276703186263668439432569423678666677466",
                    "126108513511708102732740812763650642324"
                ]
            },
            "id": "ASB-A-193363621-a3bea0ca",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/dc32721e28e79df4dd2f5bb896bcf586ebeda5e9",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/codec2/components/mp3/C2SoftMp3Dec.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 5619.0,
                "function_hash": "156248296851199659471483252604381389404"
            },
            "id": "ASB-A-193363621-ab11b85c",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/dc32721e28e79df4dd2f5bb896bcf586ebeda5e9",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/codec2/components/mp3/C2SoftMp3Dec.cpp",
                "function": "C2SoftMP3::process"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/av/+/dc32721e28e79df4dd2f5bb896bcf586ebeda5e9"
    ],
    "spl": "2021-12-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}