ASB-A-254803162

Import Source
https://storage.googleapis.com/android-osv/ASB-A-254803162.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-254803162
Aliases
  • A-254803162
  • CVE-2023-20958
Published
2023-03-01T00:00:00Z
Modified
2024-08-07T19:29:23.201750Z
Summary
Backport: FreeType Heap buffer overflow read
Details

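In read_paint of ttcolr.c, there is a possible out-of-bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Per the affected ranges listed below, both affected branches (13 and 13-next) are fixed as of security patch level 2023-03-01, so a device's patch level can be checked against that date.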

References

Affected packages

Android / platform/external/freetype

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13-next:0
Fixed
13-next:2023-03-01

Affected versions

Other

13-next

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/external/freetype/+/f916fca5d1361dc674118bec51eff2b5299c4c79"
    ],
    "spl": "2023-03-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/external/freetype

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2023-03-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "306028730103453001949389040698110809210",
                    "139551454863163921199091447580440890743",
                    "146481857632338490229451060853437642193",
                    "52923008947120250382686592499354124373",
                    "103390494577978554655663562106019007429",
                    "311535720356207440618201013295517544080",
                    "263791282487955854066239476330548281248",
                    "154550138651895736634106501555028627147",
                    "126023655564957189324895948395724503363",
                    "47841667429785024774877606583258177440",
                    "157831469805408457417433933344796030494",
                    "128238996367472570062047381139380673765",
                    "110644623379568852099709327847126581659",
                    "105553687388233691960296314805900136071",
                    "50111659023819480512636344661363422627",
                    "170745083070249731896637414250525299775",
                    "271829570882408219265880480877109604417",
                    "131818949153970063885003368394068527294",
                    "313801983922143130188867348647693009890",
                    "313610615790584256513557166397042661607",
                    "208628776772681940669443923441209641379",
                    "244930656989140677336386094008945216271",
                    "12672997220747165287942532257231905775",
                    "78220747209021846639297174279767866836",
                    "39112473556601994622699064173279287430",
                    "272372914479427644101259402595087452638",
                    "334765934514828448194691644195121841919",
                    "92739665075054122881410002459718624740",
                    "336595512376344382895362844154876546483",
                    "108152522950872298177532387053883185371",
                    "16191347676968857858877719674763164388",
                    "75773312977215286259429635251826035787",
                    "188409672356226176053788052145871893533",
                    "91143965747346509511241320602927864971",
                    "272698422234510055857249334519843134540",
                    "93548487298838510260721883110491236706",
                    "159085700099597414715421493584185808081",
                    "286302697220326232021711404906086561976",
                    "219113390765323762551543646848130750715",
                    "286709817848932883390923149620027314800",
                    "251711439383684670559968540234682477315",
                    "146492862162375426727754448507183125894",
                    "3826590563765277584297568531103087788",
                    "21363079221283039628355594746609282564",
                    "35279173998540991358487128469439539082",
                    "124818387315921630012688634714708409857",
                    "309706396900603377093330220940426574748",
                    "4065293868813772577317159028262253465",
                    "51722676836173464740452856352123558567",
                    "111385093176625424726810537903159486445",
                    "42700529971238162577034322091016376653",
                    "26453188124286742715656649985588049099",
                    "44758196280328814276824374934087830486",
                    "128811308591740885678058902910867905206",
                    "219777835619492577551760383867886024167",
                    "112445417634223826472403462108176778983",
                    "235377609065164758842094833296701734689",
                    "248590775977334896468842175376274499402",
                    "121347156128466578282184259951802446038",
                    "239902161045098148916876693761450559412",
                    "36943730272097728288876688975513481448",
                    "120653563891354915867545929761197940610",
                    "196772659357566858624513698937506685528",
                    "84000472345732681592580113441802261646",
                    "113042475703390595762514377063929626949",
                    "40708619659630716894572737856881413665",
                    "62728794434925583579805085429507648300",
                    "231435349030168719952753608234201717757",
                    "100165521904982659079436998922500697565",
                    "69869752435190240569589921259717445370",
                    "274721578920433698004389192039801651657",
                    "250253667760252061623450827911287889505",
                    "141137264133873383923089780289888986928",
                    "138507170756007196890016410753863032880",
                    "65560529895864474444280617841624897041",
                    "230970938259886824516699882421850430277",
                    "179834360902633010314850207246579288008",
                    "38683025683833032981472370768473397668",
                    "330774469270102111921943588653901196954",
                    "83957305151142334745416304181683574066",
                    "134105816972824297494678382552876023852",
                    "313261455380631391363597566642671202672",
                    "213001289923340008701256667973412945343",
                    "63608630149708990954475705771229600003",
                    "152142401467115816188922512903659338026",
                    "64875136997337305080492253441712431503"
                ]
            },
            "id": "ASB-A-254803162-1028b8bf",
            "source": "https://android.googlesource.com/platform/external/freetype/+/b56d29a0a69d9fe7b8e377b3397d1e326761dfab",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/sfnt/ttcolr.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 966.0,
                "function_hash": "324248395258620335472283662895952390797"
            },
            "id": "ASB-A-254803162-671b0736",
            "source": "https://android.googlesource.com/platform/external/freetype/+/b56d29a0a69d9fe7b8e377b3397d1e326761dfab",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/sfnt/ttcolr.c",
                "function": "tt_face_get_paint_layers"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 7170.0,
                "function_hash": "102613444367544991272758447049686408626"
            },
            "id": "ASB-A-254803162-e69c6e1b",
            "source": "https://android.googlesource.com/platform/external/freetype/+/b56d29a0a69d9fe7b8e377b3397d1e326761dfab",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/sfnt/ttcolr.c",
                "function": "read_paint"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 383.0,
                "function_hash": "216580915472578561713184683606363861758"
            },
            "id": "ASB-A-254803162-eddf7dc5",
            "source": "https://android.googlesource.com/platform/external/freetype/+/b56d29a0a69d9fe7b8e377b3397d1e326761dfab",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/sfnt/ttcolr.c",
                "function": "read_color_line"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/external/freetype/+/b56d29a0a69d9fe7b8e377b3397d1e326761dfab"
    ],
    "spl": "2023-03-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}