{"id":"ASB-A-156261521", "published":"2020-07-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2020-9589", "A-156261521"], "details":"In DecodeImage of dng_lossless_jpeg.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/external/dng_sdk", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"8.0:0"}, {"fixed":"8.0:2020-07-01"}]}], "versions":["8.0"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/dng_sdk/+/2e8f1f0dc5ca3db8a7035938752dd230608e17ab"], "severity":"Critical", "spl":"2020-07-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"180510715832732769607719343413710777778", "length":6181}, "id":"ASB-A-156261521-62f69bff", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/dng_sdk/+/2e8f1f0dc5ca3db8a7035938752dd230608e17ab", "target":{"file":"source/dng_lossless_jpeg.cpp", "function":"dng_lossless_decoder::DecodeImage"}}, {"deprecated":false, "digest":{"line_hashes":["338554970343322564839010616178851819475", "272801659105549350411196054700854906472", "303090388783411386435420216672599638637", "294107852618224583307778245909416294284", "125410299025336720060653319086340062376", "336086589352344085007594008884552648507", "270397854735675837248995337445782121898", "118923780271866762159005859156406164515"], "threshold":0.9}, "id":"ASB-A-156261521-ebfa2999", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/dng_sdk/+/2e8f1f0dc5ca3db8a7035938752dd230608e17ab", "target":{"file":"source/dng_lossless_jpeg.cpp"}}]}}, {"package":{"name":"platform/external/dng_sdk", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"8.1:0"}, {"fixed":"8.1:2020-07-01"}]}], "versions":["8.1"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/dng_sdk/+/2e8f1f0dc5ca3db8a7035938752dd230608e17ab"], "severity":"Critical", "spl":"2020-07-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"180510715832732769607719343413710777778", "length":6181}, "id":"ASB-A-156261521-13caca87", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/dng_sdk/+/2e8f1f0dc5ca3db8a7035938752dd230608e17ab", "target":{"file":"source/dng_lossless_jpeg.cpp", "function":"dng_lossless_decoder::DecodeImage"}}, {"deprecated":false, "digest":{"line_hashes":["338554970343322564839010616178851819475", "272801659105549350411196054700854906472", "303090388783411386435420216672599638637", "294107852618224583307778245909416294284", "125410299025336720060653319086340062376", "336086589352344085007594008884552648507", "270397854735675837248995337445782121898", "118923780271866762159005859156406164515"], "threshold":0.9}, "id":"ASB-A-156261521-349cc174", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/dng_sdk/+/2e8f1f0dc5ca3db8a7035938752dd230608e17ab", "target":{"file":"source/dng_lossless_jpeg.cpp"}}]}}, {"package":{"name":"platform/external/dng_sdk", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"9:0"}, {"fixed":"9:2020-07-01"}]}], "versions":["9"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/dng_sdk/+/2e8f1f0dc5ca3db8a7035938752dd230608e17ab"], "severity":"Critical", "spl":"2020-07-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["338554970343322564839010616178851819475", "272801659105549350411196054700854906472", "303090388783411386435420216672599638637", "294107852618224583307778245909416294284", "125410299025336720060653319086340062376", "336086589352344085007594008884552648507", "270397854735675837248995337445782121898", "118923780271866762159005859156406164515"], "threshold":0.9}, "id":"ASB-A-156261521-64f966aa", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/dng_sdk/+/2e8f1f0dc5ca3db8a7035938752dd230608e17ab", "target":{"file":"source/dng_lossless_jpeg.cpp"}}, {"deprecated":false, "digest":{"function_hash":"180510715832732769607719343413710777778", "length":6181}, "id":"ASB-A-156261521-fa771a0e", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/dng_sdk/+/2e8f1f0dc5ca3db8a7035938752dd230608e17ab", "target":{"file":"source/dng_lossless_jpeg.cpp", "function":"dng_lossless_decoder::DecodeImage"}}]}}, {"package":{"name":"platform/external/dng_sdk", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2020-07-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/dng_sdk/+/2e8f1f0dc5ca3db8a7035938752dd230608e17ab"], "severity":"Critical", "spl":"2020-07-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["338554970343322564839010616178851819475", "272801659105549350411196054700854906472", "303090388783411386435420216672599638637", "294107852618224583307778245909416294284", "125410299025336720060653319086340062376", "336086589352344085007594008884552648507", "270397854735675837248995337445782121898", "118923780271866762159005859156406164515"], "threshold":0.9}, "id":"ASB-A-156261521-3d0dd9b4", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/dng_sdk/+/2e8f1f0dc5ca3db8a7035938752dd230608e17ab", "target":{"file":"source/dng_lossless_jpeg.cpp"}}, {"deprecated":false, "digest":{"function_hash":"180510715832732769607719343413710777778", "length":6181}, "id":"ASB-A-156261521-efa79fb8", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/dng_sdk/+/2e8f1f0dc5ca3db8a7035938752dd230608e17ab", "target":{"file":"source/dng_lossless_jpeg.cpp", "function":"dng_lossless_decoder::DecodeImage"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2020-07-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/external/dng_sdk/+/2e8f1f0dc5ca3db8a7035938752dd230608e17ab"}]}