{"id":"ASB-A-152496149", "published":"2020-09-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2020-0245", "A-152496149"], "details":"In DecodeFrameCombinedMode of combined_decode.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"8.0:0"}, {"fixed":"8.0:2020-09-01"}]}], "versions":["8.0"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/b875a5fe0db2e2d4bf44746bb8ca4dc1e959925e"], "severity":"Critical", "spl":"2020-09-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["334726445611040651805308518657547502328", "302165643461263201211534998004767159937", "226269220506570919067913862504097789007", "207993031518915275674796219289714529616", "61525047071483516889569781706181810859", "70006150308981293561223273089275553736", "256576577570968665084339381138057802861"], "threshold":0.9}, "id":"ASB-A-152496149-58887e11", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/b875a5fe0db2e2d4bf44746bb8ca4dc1e959925e", "target":{"file":"media/libstagefright/codecs/m4v_h263/dec/src/vop.cpp"}}, {"deprecated":false, "digest":{"function_hash":"288748447126358271450202249967440015477", "length":10648}, "id":"ASB-A-152496149-a3763bb8", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/b875a5fe0db2e2d4bf44746bb8ca4dc1e959925e", "target":{"file":"media/libstagefright/codecs/m4v_h263/dec/src/vop.cpp", "function":"DecodeVOLHeader"}}]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"8.1:0"}, {"fixed":"8.1:2020-09-01"}]}], "versions":["8.1"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/b875a5fe0db2e2d4bf44746bb8ca4dc1e959925e"], "severity":"Critical", "spl":"2020-09-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["334726445611040651805308518657547502328", "302165643461263201211534998004767159937", "226269220506570919067913862504097789007", "207993031518915275674796219289714529616", "61525047071483516889569781706181810859", "70006150308981293561223273089275553736", "256576577570968665084339381138057802861"], "threshold":0.9}, "id":"ASB-A-152496149-02beaeb9", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/b875a5fe0db2e2d4bf44746bb8ca4dc1e959925e", "target":{"file":"media/libstagefright/codecs/m4v_h263/dec/src/vop.cpp"}}, {"deprecated":false, "digest":{"function_hash":"288748447126358271450202249967440015477", "length":10648}, "id":"ASB-A-152496149-deddc686", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/b875a5fe0db2e2d4bf44746bb8ca4dc1e959925e", "target":{"file":"media/libstagefright/codecs/m4v_h263/dec/src/vop.cpp", "function":"DecodeVOLHeader"}}]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"9:0"}, {"fixed":"9:2020-09-01"}]}], "versions":["9"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/b875a5fe0db2e2d4bf44746bb8ca4dc1e959925e"], "severity":"Critical", "spl":"2020-09-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"288748447126358271450202249967440015477", "length":10648}, "id":"ASB-A-152496149-21ce42d7", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/b875a5fe0db2e2d4bf44746bb8ca4dc1e959925e", "target":{"file":"media/libstagefright/codecs/m4v_h263/dec/src/vop.cpp", "function":"DecodeVOLHeader"}}, {"deprecated":false, "digest":{"line_hashes":["334726445611040651805308518657547502328", "302165643461263201211534998004767159937", "226269220506570919067913862504097789007", "207993031518915275674796219289714529616", "61525047071483516889569781706181810859", "70006150308981293561223273089275553736", "256576577570968665084339381138057802861"], "threshold":0.9}, "id":"ASB-A-152496149-b385b279", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/b875a5fe0db2e2d4bf44746bb8ca4dc1e959925e", "target":{"file":"media/libstagefright/codecs/m4v_h263/dec/src/vop.cpp"}}]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2020-09-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/b875a5fe0db2e2d4bf44746bb8ca4dc1e959925e"], "severity":"High", "spl":"2020-09-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["334726445611040651805308518657547502328", "302165643461263201211534998004767159937", "226269220506570919067913862504097789007", "207993031518915275674796219289714529616", "61525047071483516889569781706181810859", "70006150308981293561223273089275553736", "256576577570968665084339381138057802861"], "threshold":0.9}, "id":"ASB-A-152496149-410df9d8", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/b875a5fe0db2e2d4bf44746bb8ca4dc1e959925e", "target":{"file":"media/libstagefright/codecs/m4v_h263/dec/src/vop.cpp"}}, {"deprecated":false, "digest":{"function_hash":"288748447126358271450202249967440015477", "length":10648}, "id":"ASB-A-152496149-6720f5a7", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/b875a5fe0db2e2d4bf44746bb8ca4dc1e959925e", "target":{"file":"media/libstagefright/codecs/m4v_h263/dec/src/vop.cpp", "function":"DecodeVOLHeader"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2020-09-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/av/+/b875a5fe0db2e2d4bf44746bb8ca4dc1e959925e"}]}