ASB-A-245242273

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-245242273.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-245242273
Aliases
  • A-245242273
  • CVE-2022-20496
Published
2022-12-01T00:00:00Z
Modified
2024-08-07T19:29:34.999779Z
Summary
ndk_mediamuxer_fuzzer: Heap-use-after-free in android::MediaAppender::init
Details

In setDataSource of initMediaExtractor.cpp, there is a possibility of arbitrary code execution due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/av

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2022-12-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 146.0,
                "function_hash": "23653717122270778724204293439985434165"
            },
            "id": "ASB-A-245242273-51c292b6",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/libstagefright/NuMediaExtractor.cpp",
                "function": "NuMediaExtractor::getName"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "271849879462872707776287625108644992993",
                    "64010299961617831360040512285307972196",
                    "287666787316099740787154850390246511615",
                    "196285614905794178365084748192323661138",
                    "107930451518662961911297779895581822927",
                    "172624540704745547462622122165938822359",
                    "185838109690188501972009872918370338901",
                    "183831300453848237931103354956243789070"
                ]
            },
            "id": "ASB-A-245242273-6a798918",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/libstagefright/include/media/stagefright/NuMediaExtractor.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "143576365321730468659230465742110064082",
                    "322160053123860888307025865705324035485",
                    "299965541041716971609906424841545768410",
                    "239218310709079046737665012066471851594",
                    "126750442462805224230468544861564047818",
                    "123582085208579010732296801471683809596",
                    "44579629554691051103220216249474792545",
                    "213359870337200650653710694861923590377",
                    "107467414503208089952068286116358093439",
                    "162691025664588896249614427892794907722",
                    "331643000748433255914052779394681406804",
                    "84960366174467484542481412714966543056",
                    "169791953022630705407735069438940696431",
                    "56901345247328293914388890236501126532",
                    "279971338656783182856306687100139767455",
                    "279742316532192004934434948495903663837",
                    "291396540000534833471708989640713815184",
                    "862794181738705522595699339747938367",
                    "82820699536854161553079210120620055722",
                    "194583019482415218022981294695839280424",
                    "52058568201682842369813922905299897605",
                    "157735403909728538477013562417815399090",
                    "14567398964173395607071162100950216477",
                    "82168118137627172047800290539233816973",
                    "147757289815501646473087128729128323802",
                    "271517840176517617467172065522099907124",
                    "287845296224003223575920155308737730734",
                    "317975429287633934619345630851074479274",
                    "213359870337200650653710694861923590377",
                    "80417236931436638680865785242095430769",
                    "268529417068342747351650056111368556881",
                    "250152176803792544399381460244119134711",
                    "169791953022630705407735069438940696431",
                    "56901345247328293914388890236501126532",
                    "279971338656783182856306687100139767455",
                    "279742316532192004934434948495903663837",
                    "291396540000534833471708989640713815184",
                    "862794181738705522595699339747938367",
                    "162062966337976833081421123558011180591",
                    "192604221860424284452805253954590306863",
                    "74627997149715815940403700939495697036",
                    "129888928028045160285549240156777479833",
                    "228298684088715702708289083978335973765",
                    "44505734795668179087149406199365306592",
                    "90324539402450093765605449179170044229",
                    "77745759429256282010830548060596004396",
                    "204386460182846048336444787231890592793",
                    "57400099211053204835982805308840020066",
                    "213359870337200650653710694861923590377",
                    "80417236931436638680865785242095430769",
                    "268529417068342747351650056111368556881",
                    "250152176803792544399381460244119134711",
                    "169791953022630705407735069438940696431",
                    "56901345247328293914388890236501126532",
                    "279971338656783182856306687100139767455",
                    "279742316532192004934434948495903663837",
                    "291396540000534833471708989640713815184",
                    "862794181738705522595699339747938367",
                    "235213135947903042071100338764233712896",
                    "22584322131642716058729911232185337007",
                    "148464474348142765504534913846542082374",
                    "149195659502554307738611789790070390137",
                    "242532707240972791239480300641243248157",
                    "131249883077207173052525219277764757376",
                    "193830096701641894320385062104560016815",
                    "61641050652822845131201087620549943292",
                    "189684812456095264734343831928217873899",
                    "297952419080970206546149715048073553378"
                ]
            },
            "id": "ASB-A-245242273-91d217e7",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/libstagefright/NuMediaExtractor.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 801.0,
                "function_hash": "14945545501658939233432271447364185516"
            },
            "id": "ASB-A-245242273-df72b9de",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/libstagefright/NuMediaExtractor.cpp",
                "function": "NuMediaExtractor::setDataSource"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 717.0,
                "function_hash": "286246547169833840408346000586825163818"
            },
            "id": "ASB-A-245242273-f3261941",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/libstagefright/NuMediaExtractor.cpp",
                "function": "NuMediaExtractor::setDataSource"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 580.0,
                "function_hash": "219449820909660414074353465109812778227"
            },
            "id": "ASB-A-245242273-fb742914",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/libstagefright/NuMediaExtractor.cpp",
                "function": "NuMediaExtractor::setDataSource"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea"
    ],
    "spl": "2022-12-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/frameworks/av

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2022-12-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "271849879462872707776287625108644992993",
                    "64010299961617831360040512285307972196",
                    "287666787316099740787154850390246511615",
                    "196285614905794178365084748192323661138",
                    "107930451518662961911297779895581822927",
                    "172624540704745547462622122165938822359",
                    "185838109690188501972009872918370338901",
                    "183831300453848237931103354956243789070"
                ]
            },
            "id": "ASB-A-245242273-37ae5240",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/libstagefright/include/media/stagefright/NuMediaExtractor.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 801.0,
                "function_hash": "14945545501658939233432271447364185516"
            },
            "id": "ASB-A-245242273-38888557",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/libstagefright/NuMediaExtractor.cpp",
                "function": "NuMediaExtractor::setDataSource"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 146.0,
                "function_hash": "23653717122270778724204293439985434165"
            },
            "id": "ASB-A-245242273-42d8aa42",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/libstagefright/NuMediaExtractor.cpp",
                "function": "NuMediaExtractor::getName"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 717.0,
                "function_hash": "286246547169833840408346000586825163818"
            },
            "id": "ASB-A-245242273-7b2205e2",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/libstagefright/NuMediaExtractor.cpp",
                "function": "NuMediaExtractor::setDataSource"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 580.0,
                "function_hash": "219449820909660414074353465109812778227"
            },
            "id": "ASB-A-245242273-ba2fdf0f",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/libstagefright/NuMediaExtractor.cpp",
                "function": "NuMediaExtractor::setDataSource"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "143576365321730468659230465742110064082",
                    "322160053123860888307025865705324035485",
                    "299965541041716971609906424841545768410",
                    "239218310709079046737665012066471851594",
                    "126750442462805224230468544861564047818",
                    "123582085208579010732296801471683809596",
                    "44579629554691051103220216249474792545",
                    "213359870337200650653710694861923590377",
                    "107467414503208089952068286116358093439",
                    "162691025664588896249614427892794907722",
                    "331643000748433255914052779394681406804",
                    "84960366174467484542481412714966543056",
                    "169791953022630705407735069438940696431",
                    "56901345247328293914388890236501126532",
                    "279971338656783182856306687100139767455",
                    "279742316532192004934434948495903663837",
                    "291396540000534833471708989640713815184",
                    "862794181738705522595699339747938367",
                    "82820699536854161553079210120620055722",
                    "194583019482415218022981294695839280424",
                    "52058568201682842369813922905299897605",
                    "157735403909728538477013562417815399090",
                    "14567398964173395607071162100950216477",
                    "82168118137627172047800290539233816973",
                    "147757289815501646473087128729128323802",
                    "271517840176517617467172065522099907124",
                    "287845296224003223575920155308737730734",
                    "317975429287633934619345630851074479274",
                    "213359870337200650653710694861923590377",
                    "80417236931436638680865785242095430769",
                    "268529417068342747351650056111368556881",
                    "250152176803792544399381460244119134711",
                    "169791953022630705407735069438940696431",
                    "56901345247328293914388890236501126532",
                    "279971338656783182856306687100139767455",
                    "279742316532192004934434948495903663837",
                    "291396540000534833471708989640713815184",
                    "862794181738705522595699339747938367",
                    "162062966337976833081421123558011180591",
                    "192604221860424284452805253954590306863",
                    "74627997149715815940403700939495697036",
                    "129888928028045160285549240156777479833",
                    "228298684088715702708289083978335973765",
                    "44505734795668179087149406199365306592",
                    "90324539402450093765605449179170044229",
                    "77745759429256282010830548060596004396",
                    "204386460182846048336444787231890592793",
                    "57400099211053204835982805308840020066",
                    "213359870337200650653710694861923590377",
                    "80417236931436638680865785242095430769",
                    "268529417068342747351650056111368556881",
                    "250152176803792544399381460244119134711",
                    "169791953022630705407735069438940696431",
                    "56901345247328293914388890236501126532",
                    "279971338656783182856306687100139767455",
                    "279742316532192004934434948495903663837",
                    "291396540000534833471708989640713815184",
                    "862794181738705522595699339747938367",
                    "235213135947903042071100338764233712896",
                    "22584322131642716058729911232185337007",
                    "148464474348142765504534913846542082374",
                    "149195659502554307738611789790070390137",
                    "242532707240972791239480300641243248157",
                    "131249883077207173052525219277764757376",
                    "193830096701641894320385062104560016815",
                    "61641050652822845131201087620549943292",
                    "189684812456095264734343831928217873899",
                    "297952419080970206546149715048073553378"
                ]
            },
            "id": "ASB-A-245242273-d60d1412",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/libstagefright/NuMediaExtractor.cpp"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea"
    ],
    "spl": "2022-12-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/frameworks/av

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2022-12-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 717.0,
                "function_hash": "286246547169833840408346000586825163818"
            },
            "id": "ASB-A-245242273-2d3c20df",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/libstagefright/NuMediaExtractor.cpp",
                "function": "NuMediaExtractor::setDataSource"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 801.0,
                "function_hash": "14945545501658939233432271447364185516"
            },
            "id": "ASB-A-245242273-7361fbc4",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/libstagefright/NuMediaExtractor.cpp",
                "function": "NuMediaExtractor::setDataSource"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "143576365321730468659230465742110064082",
                    "322160053123860888307025865705324035485",
                    "299965541041716971609906424841545768410",
                    "239218310709079046737665012066471851594",
                    "126750442462805224230468544861564047818",
                    "123582085208579010732296801471683809596",
                    "44579629554691051103220216249474792545",
                    "213359870337200650653710694861923590377",
                    "107467414503208089952068286116358093439",
                    "162691025664588896249614427892794907722",
                    "331643000748433255914052779394681406804",
                    "84960366174467484542481412714966543056",
                    "169791953022630705407735069438940696431",
                    "56901345247328293914388890236501126532",
                    "279971338656783182856306687100139767455",
                    "279742316532192004934434948495903663837",
                    "291396540000534833471708989640713815184",
                    "862794181738705522595699339747938367",
                    "82820699536854161553079210120620055722",
                    "194583019482415218022981294695839280424",
                    "52058568201682842369813922905299897605",
                    "157735403909728538477013562417815399090",
                    "14567398964173395607071162100950216477",
                    "82168118137627172047800290539233816973",
                    "147757289815501646473087128729128323802",
                    "271517840176517617467172065522099907124",
                    "287845296224003223575920155308737730734",
                    "317975429287633934619345630851074479274",
                    "213359870337200650653710694861923590377",
                    "80417236931436638680865785242095430769",
                    "268529417068342747351650056111368556881",
                    "250152176803792544399381460244119134711",
                    "169791953022630705407735069438940696431",
                    "56901345247328293914388890236501126532",
                    "279971338656783182856306687100139767455",
                    "279742316532192004934434948495903663837",
                    "291396540000534833471708989640713815184",
                    "862794181738705522595699339747938367",
                    "162062966337976833081421123558011180591",
                    "192604221860424284452805253954590306863",
                    "74627997149715815940403700939495697036",
                    "129888928028045160285549240156777479833",
                    "228298684088715702708289083978335973765",
                    "44505734795668179087149406199365306592",
                    "90324539402450093765605449179170044229",
                    "77745759429256282010830548060596004396",
                    "204386460182846048336444787231890592793",
                    "57400099211053204835982805308840020066",
                    "213359870337200650653710694861923590377",
                    "80417236931436638680865785242095430769",
                    "268529417068342747351650056111368556881",
                    "250152176803792544399381460244119134711",
                    "169791953022630705407735069438940696431",
                    "56901345247328293914388890236501126532",
                    "279971338656783182856306687100139767455",
                    "279742316532192004934434948495903663837",
                    "291396540000534833471708989640713815184",
                    "862794181738705522595699339747938367",
                    "235213135947903042071100338764233712896",
                    "22584322131642716058729911232185337007",
                    "148464474348142765504534913846542082374",
                    "149195659502554307738611789790070390137",
                    "242532707240972791239480300641243248157",
                    "131249883077207173052525219277764757376",
                    "193830096701641894320385062104560016815",
                    "61641050652822845131201087620549943292",
                    "189684812456095264734343831928217873899",
                    "297952419080970206546149715048073553378"
                ]
            },
            "id": "ASB-A-245242273-7924476e",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/libstagefright/NuMediaExtractor.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 146.0,
                "function_hash": "23653717122270778724204293439985434165"
            },
            "id": "ASB-A-245242273-9d88c72a",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/libstagefright/NuMediaExtractor.cpp",
                "function": "NuMediaExtractor::getName"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "271849879462872707776287625108644992993",
                    "64010299961617831360040512285307972196",
                    "287666787316099740787154850390246511615",
                    "196285614905794178365084748192323661138",
                    "107930451518662961911297779895581822927",
                    "172624540704745547462622122165938822359",
                    "185838109690188501972009872918370338901",
                    "183831300453848237931103354956243789070"
                ]
            },
            "id": "ASB-A-245242273-aaa9dc0d",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/libstagefright/include/media/stagefright/NuMediaExtractor.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 580.0,
                "function_hash": "219449820909660414074353465109812778227"
            },
            "id": "ASB-A-245242273-dd5dd94d",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/libstagefright/NuMediaExtractor.cpp",
                "function": "NuMediaExtractor::setDataSource"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/av/+/2bddcbdd0c25b434920c87d74a11d0d63fd7edea"
    ],
    "spl": "2022-12-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}