{"id":"ASB-A-150160041", "published":"2020-09-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2020-0385", "A-150160041"], "details":"In Parse_insh of eas_mdls.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote information disclosure in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation.", "affected":[{"package":{"name":"platform/external/sonivox", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"8.0:0"}, {"fixed":"8.0:2020-09-01"}]}], "versions":["8.0"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559"], "severity":"High", "spl":"2020-09-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["181829900119039477748077015636613502105", "275044922620282737198137493696043620510", "161414357728343601533595728216280844945", "225226006498603879136487070114940970175", "327898272321048511827431997499515651495", "195343915250230334822997243566450755159", "40372055926465743164709369153025518287", "28868159654609936766653126901200468324", "80578402922742619994225376658138454899", "162651561295090071018388869952279649115", "223672488514811391834808779992673668364", "76241524776169937808472891474266439374", "168400085527804080727041962341408644038", "52835498832227710783626282201795988401"], "threshold":0.9}, "id":"ASB-A-150160041-58ae45fb", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559", "target":{"file":"arm-wt-22k/lib_src/eas_mdls.c"}}, {"deprecated":false, "digest":{"function_hash":"314843587702427684691367451123225988324", "length":824}, "id":"ASB-A-150160041-8d90d204", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559", "target":{"file":"arm-wt-22k/lib_src/eas_mdls.c", "function":"Parse_lrgn"}}, {"deprecated":false, "digest":{"function_hash":"169242754845313623448940926297571908202", "length":2457}, "id":"ASB-A-150160041-c45fd484", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559", "target":{"file":"arm-wt-22k/lib_src/eas_mdls.c", "function":"Parse_rgn"}}, {"deprecated":false, "digest":{"function_hash":"70004419322198664562718789362116696242", "length":1088}, "id":"ASB-A-150160041-e5c73c75", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559", "target":{"file":"arm-wt-22k/lib_src/eas_mdls.c", "function":"Parse_ptbl"}}, {"deprecated":false, "digest":{"function_hash":"225007498631071085808511661137921002709", "length":520}, "id":"ASB-A-150160041-ed4b0499", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559", "target":{"file":"arm-wt-22k/lib_src/eas_mdls.c", "function":"Parse_lins"}}]}}, {"package":{"name":"platform/external/sonivox", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"8.1:0"}, {"fixed":"8.1:2020-09-01"}]}], "versions":["8.1"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559"], "severity":"High", "spl":"2020-09-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"314843587702427684691367451123225988324", "length":824}, "id":"ASB-A-150160041-2d2286a7", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559", "target":{"file":"arm-wt-22k/lib_src/eas_mdls.c", "function":"Parse_lrgn"}}, {"deprecated":false, "digest":{"function_hash":"225007498631071085808511661137921002709", "length":520}, "id":"ASB-A-150160041-87e05c9b", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559", "target":{"file":"arm-wt-22k/lib_src/eas_mdls.c", "function":"Parse_lins"}}, {"deprecated":false, "digest":{"function_hash":"70004419322198664562718789362116696242", "length":1088}, "id":"ASB-A-150160041-9b8d484c", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559", "target":{"file":"arm-wt-22k/lib_src/eas_mdls.c", "function":"Parse_ptbl"}}, {"deprecated":false, "digest":{"function_hash":"169242754845313623448940926297571908202", "length":2457}, "id":"ASB-A-150160041-cdd04551", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559", "target":{"file":"arm-wt-22k/lib_src/eas_mdls.c", "function":"Parse_rgn"}}, {"deprecated":false, "digest":{"line_hashes":["181829900119039477748077015636613502105", "275044922620282737198137493696043620510", "161414357728343601533595728216280844945", "225226006498603879136487070114940970175", "327898272321048511827431997499515651495", "195343915250230334822997243566450755159", "40372055926465743164709369153025518287", "28868159654609936766653126901200468324", "80578402922742619994225376658138454899", "162651561295090071018388869952279649115", "223672488514811391834808779992673668364", "76241524776169937808472891474266439374", "168400085527804080727041962341408644038", "52835498832227710783626282201795988401"], "threshold":0.9}, "id":"ASB-A-150160041-d8fc508b", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559", "target":{"file":"arm-wt-22k/lib_src/eas_mdls.c"}}]}}, {"package":{"name":"platform/external/sonivox", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"9:0"}, {"fixed":"9:2020-09-01"}]}], "versions":["9"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559"], "severity":"High", "spl":"2020-09-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["181829900119039477748077015636613502105", "275044922620282737198137493696043620510", "161414357728343601533595728216280844945", "225226006498603879136487070114940970175", "327898272321048511827431997499515651495", "195343915250230334822997243566450755159", "40372055926465743164709369153025518287", "28868159654609936766653126901200468324", "80578402922742619994225376658138454899", "162651561295090071018388869952279649115", "223672488514811391834808779992673668364", "76241524776169937808472891474266439374", "168400085527804080727041962341408644038", "52835498832227710783626282201795988401"], "threshold":0.9}, "id":"ASB-A-150160041-1e8d10d3", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559", "target":{"file":"arm-wt-22k/lib_src/eas_mdls.c"}}, {"deprecated":false, "digest":{"function_hash":"70004419322198664562718789362116696242", "length":1088}, "id":"ASB-A-150160041-235b8be9", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559", "target":{"file":"arm-wt-22k/lib_src/eas_mdls.c", "function":"Parse_ptbl"}}, {"deprecated":false, "digest":{"function_hash":"169242754845313623448940926297571908202", "length":2457}, "id":"ASB-A-150160041-4d407517", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559", "target":{"file":"arm-wt-22k/lib_src/eas_mdls.c", "function":"Parse_rgn"}}, {"deprecated":false, "digest":{"function_hash":"314843587702427684691367451123225988324", "length":824}, "id":"ASB-A-150160041-701318ab", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559", "target":{"file":"arm-wt-22k/lib_src/eas_mdls.c", "function":"Parse_lrgn"}}, {"deprecated":false, "digest":{"function_hash":"225007498631071085808511661137921002709", "length":520}, "id":"ASB-A-150160041-b466f188", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559", "target":{"file":"arm-wt-22k/lib_src/eas_mdls.c", "function":"Parse_lins"}}]}}, {"package":{"name":"platform/external/sonivox", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2020-09-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559"], "severity":"High", "spl":"2020-09-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["181829900119039477748077015636613502105", "275044922620282737198137493696043620510", "161414357728343601533595728216280844945", "225226006498603879136487070114940970175", "327898272321048511827431997499515651495", "195343915250230334822997243566450755159", "40372055926465743164709369153025518287", "28868159654609936766653126901200468324", "80578402922742619994225376658138454899", "162651561295090071018388869952279649115", "223672488514811391834808779992673668364", "76241524776169937808472891474266439374", "168400085527804080727041962341408644038", "52835498832227710783626282201795988401"], "threshold":0.9}, "id":"ASB-A-150160041-2f45d6ab", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559", "target":{"file":"arm-wt-22k/lib_src/eas_mdls.c"}}, {"deprecated":false, "digest":{"function_hash":"70004419322198664562718789362116696242", "length":1088}, "id":"ASB-A-150160041-5ba8606c", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559", "target":{"file":"arm-wt-22k/lib_src/eas_mdls.c", "function":"Parse_ptbl"}}, {"deprecated":false, "digest":{"function_hash":"169242754845313623448940926297571908202", "length":2457}, "id":"ASB-A-150160041-645f2c13", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559", "target":{"file":"arm-wt-22k/lib_src/eas_mdls.c", "function":"Parse_rgn"}}, {"deprecated":false, "digest":{"function_hash":"314843587702427684691367451123225988324", "length":824}, "id":"ASB-A-150160041-b55dbc92", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559", "target":{"file":"arm-wt-22k/lib_src/eas_mdls.c", "function":"Parse_lrgn"}}, {"deprecated":false, "digest":{"function_hash":"225007498631071085808511661137921002709", "length":520}, "id":"ASB-A-150160041-d1c34010", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559", "target":{"file":"arm-wt-22k/lib_src/eas_mdls.c", "function":"Parse_lins"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2020-09-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559"}]}