In setDataSource of initMediaExtractor.cpp, there is a possibility of arbitrary code execution due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 146.0, "function_hash": "23653717122270778724204293439985434165" }, "id": "ASB-A-245242273-51c292b6", "source": "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libstagefright/NuMediaExtractor.cpp", "function": "NuMediaExtractor::getName" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "271849879462872707776287625108644992993", "64010299961617831360040512285307972196", "287666787316099740787154850390246511615", "196285614905794178365084748192323661138", "107930451518662961911297779895581822927", "172624540704745547462622122165938822359", "185838109690188501972009872918370338901", "183831300453848237931103354956243789070" ] }, "id": "ASB-A-245242273-6a798918", "source": "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libstagefright/include/media/stagefright/NuMediaExtractor.h" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "143576365321730468659230465742110064082", "322160053123860888307025865705324035485", "299965541041716971609906424841545768410", "239218310709079046737665012066471851594", "126750442462805224230468544861564047818", "123582085208579010732296801471683809596", "44579629554691051103220216249474792545", "213359870337200650653710694861923590377", "107467414503208089952068286116358093439", "162691025664588896249614427892794907722", "331643000748433255914052779394681406804", "84960366174467484542481412714966543056", "169791953022630705407735069438940696431", "56901345247328293914388890236501126532", "279971338656783182856306687100139767455", "279742316532192004934434948495903663837", "291396540000534833471708989640713815184", "862794181738705522595699339747938367", "82820699536854161553079210120620055722", "194583019482415218022981294695839280424", "52058568201682842369813922905299897605", "157735403909728538477013562417815399090", "14567398964173395607071162100950216477", "82168118137627172047800290539233816973", "147757289815501646473087128729128323802", "271517840176517617467172065522099907124", "287845296224003223575920155308737730734", "317975429287633934619345630851074479274", "213359870337200650653710694861923590377", "80417236931436638680865785242095430769", "268529417068342747351650056111368556881", "250152176803792544399381460244119134711", "169791953022630705407735069438940696431", "56901345247328293914388890236501126532", "279971338656783182856306687100139767455", "279742316532192004934434948495903663837", "291396540000534833471708989640713815184", "862794181738705522595699339747938367", "162062966337976833081421123558011180591", "192604221860424284452805253954590306863", "74627997149715815940403700939495697036", "129888928028045160285549240156777479833", "228298684088715702708289083978335973765", "44505734795668179087149406199365306592", "90324539402450093765605449179170044229", "77745759429256282010830548060596004396", "204386460182846048336444787231890592793", "57400099211053204835982805308840020066", "213359870337200650653710694861923590377", "80417236931436638680865785242095430769", "268529417068342747351650056111368556881", "250152176803792544399381460244119134711", "169791953022630705407735069438940696431", "56901345247328293914388890236501126532", "279971338656783182856306687100139767455", "279742316532192004934434948495903663837", "291396540000534833471708989640713815184", "862794181738705522595699339747938367", "235213135947903042071100338764233712896", "22584322131642716058729911232185337007", "148464474348142765504534913846542082374", "149195659502554307738611789790070390137", "242532707240972791239480300641243248157", "131249883077207173052525219277764757376", "193830096701641894320385062104560016815", "61641050652822845131201087620549943292", "189684812456095264734343831928217873899", "297952419080970206546149715048073553378" ] }, "id": "ASB-A-245242273-91d217e7", "source": "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libstagefright/NuMediaExtractor.cpp" }, "signature_type": "Line" }, { "digest": { "length": 801.0, "function_hash": "14945545501658939233432271447364185516" }, "id": "ASB-A-245242273-df72b9de", "source": "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libstagefright/NuMediaExtractor.cpp", "function": "NuMediaExtractor::setDataSource" }, "signature_type": "Function" }, { "digest": { "length": 717.0, "function_hash": "286246547169833840408346000586825163818" }, "id": "ASB-A-245242273-f3261941", "source": "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libstagefright/NuMediaExtractor.cpp", "function": "NuMediaExtractor::setDataSource" }, "signature_type": "Function" }, { "digest": { "length": 580.0, "function_hash": "219449820909660414074353465109812778227" }, "id": "ASB-A-245242273-fb742914", "source": "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libstagefright/NuMediaExtractor.cpp", "function": "NuMediaExtractor::setDataSource" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea" ], "spl": "2022-12-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "271849879462872707776287625108644992993", "64010299961617831360040512285307972196", "287666787316099740787154850390246511615", "196285614905794178365084748192323661138", "107930451518662961911297779895581822927", "172624540704745547462622122165938822359", "185838109690188501972009872918370338901", "183831300453848237931103354956243789070" ] }, "id": "ASB-A-245242273-37ae5240", "source": "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libstagefright/include/media/stagefright/NuMediaExtractor.h" }, "signature_type": "Line" }, { "digest": { "length": 801.0, "function_hash": "14945545501658939233432271447364185516" }, "id": "ASB-A-245242273-38888557", "source": "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libstagefright/NuMediaExtractor.cpp", "function": "NuMediaExtractor::setDataSource" }, "signature_type": "Function" }, { "digest": { "length": 146.0, "function_hash": "23653717122270778724204293439985434165" }, "id": "ASB-A-245242273-42d8aa42", "source": "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libstagefright/NuMediaExtractor.cpp", "function": "NuMediaExtractor::getName" }, "signature_type": "Function" }, { "digest": { "length": 717.0, "function_hash": "286246547169833840408346000586825163818" }, "id": "ASB-A-245242273-7b2205e2", "source": "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libstagefright/NuMediaExtractor.cpp", "function": "NuMediaExtractor::setDataSource" }, "signature_type": "Function" }, { "digest": { "length": 580.0, "function_hash": "219449820909660414074353465109812778227" }, "id": "ASB-A-245242273-ba2fdf0f", "source": "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libstagefright/NuMediaExtractor.cpp", "function": "NuMediaExtractor::setDataSource" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "143576365321730468659230465742110064082", "322160053123860888307025865705324035485", "299965541041716971609906424841545768410", "239218310709079046737665012066471851594", "126750442462805224230468544861564047818", "123582085208579010732296801471683809596", "44579629554691051103220216249474792545", "213359870337200650653710694861923590377", "107467414503208089952068286116358093439", "162691025664588896249614427892794907722", "331643000748433255914052779394681406804", "84960366174467484542481412714966543056", "169791953022630705407735069438940696431", "56901345247328293914388890236501126532", "279971338656783182856306687100139767455", "279742316532192004934434948495903663837", "291396540000534833471708989640713815184", "862794181738705522595699339747938367", "82820699536854161553079210120620055722", "194583019482415218022981294695839280424", "52058568201682842369813922905299897605", "157735403909728538477013562417815399090", "14567398964173395607071162100950216477", "82168118137627172047800290539233816973", "147757289815501646473087128729128323802", "271517840176517617467172065522099907124", "287845296224003223575920155308737730734", "317975429287633934619345630851074479274", "213359870337200650653710694861923590377", "80417236931436638680865785242095430769", "268529417068342747351650056111368556881", "250152176803792544399381460244119134711", "169791953022630705407735069438940696431", "56901345247328293914388890236501126532", "279971338656783182856306687100139767455", "279742316532192004934434948495903663837", "291396540000534833471708989640713815184", "862794181738705522595699339747938367", "162062966337976833081421123558011180591", "192604221860424284452805253954590306863", "74627997149715815940403700939495697036", "129888928028045160285549240156777479833", "228298684088715702708289083978335973765", "44505734795668179087149406199365306592", "90324539402450093765605449179170044229", "77745759429256282010830548060596004396", "204386460182846048336444787231890592793", "57400099211053204835982805308840020066", "213359870337200650653710694861923590377", "80417236931436638680865785242095430769", "268529417068342747351650056111368556881", "250152176803792544399381460244119134711", "169791953022630705407735069438940696431", "56901345247328293914388890236501126532", "279971338656783182856306687100139767455", "279742316532192004934434948495903663837", "291396540000534833471708989640713815184", "862794181738705522595699339747938367", "235213135947903042071100338764233712896", "22584322131642716058729911232185337007", "148464474348142765504534913846542082374", "149195659502554307738611789790070390137", "242532707240972791239480300641243248157", "131249883077207173052525219277764757376", "193830096701641894320385062104560016815", "61641050652822845131201087620549943292", "189684812456095264734343831928217873899", "297952419080970206546149715048073553378" ] }, "id": "ASB-A-245242273-d60d1412", "source": "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libstagefright/NuMediaExtractor.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea" ], "spl": "2022-12-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "length": 717.0, "function_hash": "286246547169833840408346000586825163818" }, "id": "ASB-A-245242273-2d3c20df", "source": "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libstagefright/NuMediaExtractor.cpp", "function": "NuMediaExtractor::setDataSource" }, "signature_type": "Function" }, { "digest": { "length": 801.0, "function_hash": "14945545501658939233432271447364185516" }, "id": "ASB-A-245242273-7361fbc4", "source": "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libstagefright/NuMediaExtractor.cpp", "function": "NuMediaExtractor::setDataSource" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "143576365321730468659230465742110064082", "322160053123860888307025865705324035485", "299965541041716971609906424841545768410", "239218310709079046737665012066471851594", "126750442462805224230468544861564047818", "123582085208579010732296801471683809596", "44579629554691051103220216249474792545", "213359870337200650653710694861923590377", "107467414503208089952068286116358093439", "162691025664588896249614427892794907722", "331643000748433255914052779394681406804", "84960366174467484542481412714966543056", "169791953022630705407735069438940696431", "56901345247328293914388890236501126532", "279971338656783182856306687100139767455", "279742316532192004934434948495903663837", "291396540000534833471708989640713815184", "862794181738705522595699339747938367", "82820699536854161553079210120620055722", "194583019482415218022981294695839280424", "52058568201682842369813922905299897605", "157735403909728538477013562417815399090", "14567398964173395607071162100950216477", "82168118137627172047800290539233816973", "147757289815501646473087128729128323802", "271517840176517617467172065522099907124", "287845296224003223575920155308737730734", "317975429287633934619345630851074479274", "213359870337200650653710694861923590377", "80417236931436638680865785242095430769", "268529417068342747351650056111368556881", "250152176803792544399381460244119134711", "169791953022630705407735069438940696431", "56901345247328293914388890236501126532", "279971338656783182856306687100139767455", "279742316532192004934434948495903663837", "291396540000534833471708989640713815184", "862794181738705522595699339747938367", "162062966337976833081421123558011180591", "192604221860424284452805253954590306863", "74627997149715815940403700939495697036", "129888928028045160285549240156777479833", "228298684088715702708289083978335973765", "44505734795668179087149406199365306592", "90324539402450093765605449179170044229", "77745759429256282010830548060596004396", "204386460182846048336444787231890592793", "57400099211053204835982805308840020066", "213359870337200650653710694861923590377", "80417236931436638680865785242095430769", "268529417068342747351650056111368556881", "250152176803792544399381460244119134711", "169791953022630705407735069438940696431", "56901345247328293914388890236501126532", "279971338656783182856306687100139767455", "279742316532192004934434948495903663837", "291396540000534833471708989640713815184", "862794181738705522595699339747938367", "235213135947903042071100338764233712896", "22584322131642716058729911232185337007", "148464474348142765504534913846542082374", "149195659502554307738611789790070390137", "242532707240972791239480300641243248157", "131249883077207173052525219277764757376", "193830096701641894320385062104560016815", "61641050652822845131201087620549943292", "189684812456095264734343831928217873899", "297952419080970206546149715048073553378" ] }, "id": "ASB-A-245242273-7924476e", "source": "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libstagefright/NuMediaExtractor.cpp" }, "signature_type": "Line" }, { "digest": { "length": 146.0, "function_hash": "23653717122270778724204293439985434165" }, "id": "ASB-A-245242273-9d88c72a", "source": "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libstagefright/NuMediaExtractor.cpp", "function": "NuMediaExtractor::getName" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "271849879462872707776287625108644992993", "64010299961617831360040512285307972196", "287666787316099740787154850390246511615", "196285614905794178365084748192323661138", "107930451518662961911297779895581822927", "172624540704745547462622122165938822359", "185838109690188501972009872918370338901", "183831300453848237931103354956243789070" ] }, "id": "ASB-A-245242273-aaa9dc0d", "source": "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libstagefright/include/media/stagefright/NuMediaExtractor.h" }, "signature_type": "Line" }, { "digest": { "length": 580.0, "function_hash": "219449820909660414074353465109812778227" }, "id": "ASB-A-245242273-dd5dd94d", "source": "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libstagefright/NuMediaExtractor.cpp", "function": "NuMediaExtractor::setDataSource" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea" ], "spl": "2022-12-01", "severity": "High", "types": [ "ID" ] }