{"id":"ASB-A-160265164", "published":"2020-12-01T00:00:00Z", "modified":"2026-06-15T14:59:01.925224191Z", "aliases":["CVE-2020-0458", "A-160265164"], "details":"In SPDIFEncoder::writeBurstBufferBytes and related methods of SPDIFEncoder.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.", "affected":[{"package":{"name":"platform/system/media", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"8.0:0"}, {"fixed":"8.0:2020-12-01"}]}], "versions":["8.0"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/media/+/4523a5863f7d8f449600e85e946cfdc9cff408b2", "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be"], "severity":"Critical", "spl":"2020-12-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"40283338500318352106057796562783840058", "length":558}, "id":"ASB-A-160265164-022a8b9e", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "target":{"file":"audio_utils/spdif/SPDIFEncoder.cpp", "function":"SPDIFEncoder::writeBurstBufferBytes"}}, {"deprecated":false, "digest":{"function_hash":"152344411935269315469663959082721260705", "length":346}, "id":"ASB-A-160265164-028efb4f", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "target":{"file":"audio_utils/spdif/FrameScanner.cpp", "function":"FrameScanner::FrameScanner"}}, {"deprecated":false, "digest":{"line_hashes":["315301970555212661788859622139306500805", "168697204251568400354506960495179210678", "80895717045175310121526219255663519912", "146924628090277811717398141731488444775"], "threshold":0.9}, "id":"ASB-A-160265164-5e9e8a01", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "target":{"file":"audio_utils/spdif/AC3FrameScanner.cpp"}}, {"deprecated":false, "digest":{"line_hashes":["259647612143021780756864891114490422070", "338966583500271550645993095945280475714", "166975676725632283786507085152741521388", "72542598289547325216051972627738719884"], "threshold":0.9}, "id":"ASB-A-160265164-6a005e59", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "target":{"file":"audio_utils/spdif/FrameScanner.cpp"}}, {"deprecated":false, "digest":{"function_hash":"198867948338260688667640693224304378116", "length":463}, "id":"ASB-A-160265164-6b82cf4d", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "target":{"file":"audio_utils/spdif/SPDIFEncoder.cpp", "function":"SPDIFEncoder::writeBurstBufferShorts"}}, {"deprecated":false, "digest":{"line_hashes":["187679534532922003488298009691619337962", "225568408312939496901254825816681984755", "54222241606213111868796631204216806726", "243491401206640026402001190439209616008"], "threshold":0.9}, "id":"ASB-A-160265164-79cd6c81", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "target":{"file":"audio_utils/include/audio_utils/spdif/SPDIFEncoder.h"}}, {"deprecated":false, "digest":{"line_hashes":["116260180557445152731375372260927407938", "240999438553051720422268165278963468858", "220454328048295003184939511476228529520", "122955241082936821703367825662335229870", "71440399534359075937454879324136479251", "153523124046872016221664299656387230368", "320787894413464901052806841291873545196", "305031154763767434497816781494489983739", "93855270680209134863646048469163735340", "231358582525871025274494118826583420282", "27932655956250264040654885415766795151", "117773412660877069179545257722081461451", "116072856469804973247980868881193873077", "96364832259155400500614241341566879589", "91763413602741681499901869674687381830", "294650949833413617306493182827969411921", "111231134370134772394636010813498334384", "21389326718305129660984196132099421180", "205101741412141249436009828536965103487", "102777344931951345505008751744690140450", "230914251777198549312521955300391845054", "301505372585215308336311254694392667239", "148793867279999665562700295334991249526", "121927239038078875635368735179720523562", "120664144019293849009686158440562036425", "240666162488096563104071619646642960319", "180635944635502272924575681960554159984"], "threshold":0.9}, "id":"ASB-A-160265164-92410e9f", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "target":{"file":"audio_utils/spdif/SPDIFEncoder.cpp"}}, {"deprecated":false, "digest":{"function_hash":"278303449840606457413695327977492702142", "length":2369}, "id":"ASB-A-160265164-98ef9734", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "target":{"file":"audio_utils/spdif/AC3FrameScanner.cpp", "function":"AC3FrameScanner::parseHeader"}}, {"deprecated":false, "digest":{"function_hash":"117908441538651017328085137480633857167", "length":193}, "id":"ASB-A-160265164-a8848c21", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "target":{"file":"audio_utils/spdif/SPDIFEncoder.cpp", "function":"SPDIFEncoder::startSyncFrame"}}]}}, {"package":{"name":"platform/system/media", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"8.1:0"}, {"fixed":"8.1:2020-12-01"}]}], "versions":["8.1"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/media/+/4523a5863f7d8f449600e85e946cfdc9cff408b2", "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be"], "severity":"Critical", "spl":"2020-12-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["187679534532922003488298009691619337962", "225568408312939496901254825816681984755", "54222241606213111868796631204216806726", "243491401206640026402001190439209616008"], "threshold":0.9}, "id":"ASB-A-160265164-19f1a923", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "target":{"file":"audio_utils/include/audio_utils/spdif/SPDIFEncoder.h"}}, {"deprecated":false, "digest":{"function_hash":"198867948338260688667640693224304378116", "length":463}, "id":"ASB-A-160265164-1b30b3ee", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "target":{"file":"audio_utils/spdif/SPDIFEncoder.cpp", "function":"SPDIFEncoder::writeBurstBufferShorts"}}, {"deprecated":false, "digest":{"line_hashes":["116260180557445152731375372260927407938", "240999438553051720422268165278963468858", "220454328048295003184939511476228529520", "122955241082936821703367825662335229870", "71440399534359075937454879324136479251", "153523124046872016221664299656387230368", "320787894413464901052806841291873545196", "305031154763767434497816781494489983739", "93855270680209134863646048469163735340", "231358582525871025274494118826583420282", "27932655956250264040654885415766795151", "117773412660877069179545257722081461451", "116072856469804973247980868881193873077", "96364832259155400500614241341566879589", "91763413602741681499901869674687381830", "294650949833413617306493182827969411921", "111231134370134772394636010813498334384", "21389326718305129660984196132099421180", "205101741412141249436009828536965103487", "102777344931951345505008751744690140450", "230914251777198549312521955300391845054", "301505372585215308336311254694392667239", "148793867279999665562700295334991249526", "121927239038078875635368735179720523562", "120664144019293849009686158440562036425", "240666162488096563104071619646642960319", "180635944635502272924575681960554159984"], "threshold":0.9}, "id":"ASB-A-160265164-2fbe9097", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "target":{"file":"audio_utils/spdif/SPDIFEncoder.cpp"}}, {"deprecated":false, "digest":{"function_hash":"117908441538651017328085137480633857167", "length":193}, "id":"ASB-A-160265164-2fdcc2b6", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "target":{"file":"audio_utils/spdif/SPDIFEncoder.cpp", "function":"SPDIFEncoder::startSyncFrame"}}, {"deprecated":false, "digest":{"line_hashes":["259647612143021780756864891114490422070", "338966583500271550645993095945280475714", "166975676725632283786507085152741521388", "72542598289547325216051972627738719884"], "threshold":0.9}, "id":"ASB-A-160265164-3191c5b0", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "target":{"file":"audio_utils/spdif/FrameScanner.cpp"}}, {"deprecated":false, "digest":{"function_hash":"152344411935269315469663959082721260705", "length":346}, "id":"ASB-A-160265164-460eba28", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "target":{"file":"audio_utils/spdif/FrameScanner.cpp", "function":"FrameScanner::FrameScanner"}}, {"deprecated":false, "digest":{"function_hash":"278303449840606457413695327977492702142", "length":2369}, "id":"ASB-A-160265164-4f9f1649", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "target":{"file":"audio_utils/spdif/AC3FrameScanner.cpp", "function":"AC3FrameScanner::parseHeader"}}, {"deprecated":false, "digest":{"function_hash":"40283338500318352106057796562783840058", "length":558}, "id":"ASB-A-160265164-b9b7da6b", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "target":{"file":"audio_utils/spdif/SPDIFEncoder.cpp", "function":"SPDIFEncoder::writeBurstBufferBytes"}}, {"deprecated":false, "digest":{"line_hashes":["315301970555212661788859622139306500805", "168697204251568400354506960495179210678", "80895717045175310121526219255663519912", "146924628090277811717398141731488444775"], "threshold":0.9}, "id":"ASB-A-160265164-da49bae2", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "target":{"file":"audio_utils/spdif/AC3FrameScanner.cpp"}}]}}, {"package":{"name":"platform/system/media", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"9:0"}, {"fixed":"9:2020-12-01"}]}], "versions":["9"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/media/+/4523a5863f7d8f449600e85e946cfdc9cff408b2", "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be"], "severity":"Critical", "spl":"2020-12-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"278303449840606457413695327977492702142", "length":2369}, "id":"ASB-A-160265164-3ab285cb", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "target":{"file":"audio_utils/spdif/AC3FrameScanner.cpp", "function":"AC3FrameScanner::parseHeader"}}, {"deprecated":false, "digest":{"function_hash":"117908441538651017328085137480633857167", "length":193}, "id":"ASB-A-160265164-3ac51b11", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "target":{"file":"audio_utils/spdif/SPDIFEncoder.cpp", "function":"SPDIFEncoder::startSyncFrame"}}, {"deprecated":false, "digest":{"function_hash":"152344411935269315469663959082721260705", "length":346}, "id":"ASB-A-160265164-3ce32501", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "target":{"file":"audio_utils/spdif/FrameScanner.cpp", "function":"FrameScanner::FrameScanner"}}, {"deprecated":false, "digest":{"line_hashes":["187679534532922003488298009691619337962", "225568408312939496901254825816681984755", "54222241606213111868796631204216806726", "243491401206640026402001190439209616008"], "threshold":0.9}, "id":"ASB-A-160265164-6d0f41ba", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "target":{"file":"audio_utils/include/audio_utils/spdif/SPDIFEncoder.h"}}, {"deprecated":false, "digest":{"line_hashes":["116260180557445152731375372260927407938", "240999438553051720422268165278963468858", "220454328048295003184939511476228529520", "122955241082936821703367825662335229870", "71440399534359075937454879324136479251", "153523124046872016221664299656387230368", "320787894413464901052806841291873545196", "305031154763767434497816781494489983739", "93855270680209134863646048469163735340", "231358582525871025274494118826583420282", "27932655956250264040654885415766795151", "117773412660877069179545257722081461451", "116072856469804973247980868881193873077", "96364832259155400500614241341566879589", "91763413602741681499901869674687381830", "294650949833413617306493182827969411921", "111231134370134772394636010813498334384", "21389326718305129660984196132099421180", "205101741412141249436009828536965103487", "102777344931951345505008751744690140450", "230914251777198549312521955300391845054", "301505372585215308336311254694392667239", "148793867279999665562700295334991249526", "121927239038078875635368735179720523562", "120664144019293849009686158440562036425", "240666162488096563104071619646642960319", "180635944635502272924575681960554159984"], "threshold":0.9}, "id":"ASB-A-160265164-91d55c6e", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "target":{"file":"audio_utils/spdif/SPDIFEncoder.cpp"}}, {"deprecated":false, "digest":{"function_hash":"40283338500318352106057796562783840058", "length":558}, "id":"ASB-A-160265164-a6f74f32", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "target":{"file":"audio_utils/spdif/SPDIFEncoder.cpp", "function":"SPDIFEncoder::writeBurstBufferBytes"}}, {"deprecated":false, "digest":{"line_hashes":["259647612143021780756864891114490422070", "338966583500271550645993095945280475714", "166975676725632283786507085152741521388", "72542598289547325216051972627738719884"], "threshold":0.9}, "id":"ASB-A-160265164-c4b267e7", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "target":{"file":"audio_utils/spdif/FrameScanner.cpp"}}, {"deprecated":false, "digest":{"function_hash":"198867948338260688667640693224304378116", "length":463}, "id":"ASB-A-160265164-ecbab205", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "target":{"file":"audio_utils/spdif/SPDIFEncoder.cpp", "function":"SPDIFEncoder::writeBurstBufferShorts"}}, {"deprecated":false, "digest":{"line_hashes":["315301970555212661788859622139306500805", "168697204251568400354506960495179210678", "80895717045175310121526219255663519912", "146924628090277811717398141731488444775"], "threshold":0.9}, "id":"ASB-A-160265164-ffd8b14a", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "target":{"file":"audio_utils/spdif/AC3FrameScanner.cpp"}}]}}, {"package":{"name":"platform/system/media", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2020-12-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/media/+/4523a5863f7d8f449600e85e946cfdc9cff408b2", "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be"], "severity":"Critical", "spl":"2020-12-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["116260180557445152731375372260927407938", "240999438553051720422268165278963468858", "220454328048295003184939511476228529520", "122955241082936821703367825662335229870", "71440399534359075937454879324136479251", "153523124046872016221664299656387230368", "320787894413464901052806841291873545196", "305031154763767434497816781494489983739", "93855270680209134863646048469163735340", "231358582525871025274494118826583420282", "27932655956250264040654885415766795151", "117773412660877069179545257722081461451", "116072856469804973247980868881193873077", "96364832259155400500614241341566879589", "91763413602741681499901869674687381830", "294650949833413617306493182827969411921", "111231134370134772394636010813498334384", "21389326718305129660984196132099421180", "205101741412141249436009828536965103487", "102777344931951345505008751744690140450", "230914251777198549312521955300391845054", "301505372585215308336311254694392667239", "148793867279999665562700295334991249526", "121927239038078875635368735179720523562", "120664144019293849009686158440562036425", "240666162488096563104071619646642960319", "180635944635502272924575681960554159984"], "threshold":0.9}, "id":"ASB-A-160265164-00608e33", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "target":{"file":"audio_utils/spdif/SPDIFEncoder.cpp"}}, {"deprecated":false, "digest":{"function_hash":"40283338500318352106057796562783840058", "length":558}, "id":"ASB-A-160265164-07acacec", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "target":{"file":"audio_utils/spdif/SPDIFEncoder.cpp", "function":"SPDIFEncoder::writeBurstBufferBytes"}}, {"deprecated":false, "digest":{"line_hashes":["187679534532922003488298009691619337962", "225568408312939496901254825816681984755", "54222241606213111868796631204216806726", "243491401206640026402001190439209616008"], "threshold":0.9}, "id":"ASB-A-160265164-0c39ec8e", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "target":{"file":"audio_utils/include/audio_utils/spdif/SPDIFEncoder.h"}}, {"deprecated":false, "digest":{"function_hash":"278303449840606457413695327977492702142", "length":2369}, "id":"ASB-A-160265164-1f34c90d", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "target":{"file":"audio_utils/spdif/AC3FrameScanner.cpp", "function":"AC3FrameScanner::parseHeader"}}, {"deprecated":false, "digest":{"function_hash":"117908441538651017328085137480633857167", "length":193}, "id":"ASB-A-160265164-3ad9c279", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "target":{"file":"audio_utils/spdif/SPDIFEncoder.cpp", "function":"SPDIFEncoder::startSyncFrame"}}, {"deprecated":false, "digest":{"line_hashes":["315301970555212661788859622139306500805", "168697204251568400354506960495179210678", "80895717045175310121526219255663519912", "146924628090277811717398141731488444775"], "threshold":0.9}, "id":"ASB-A-160265164-6ea51a29", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "target":{"file":"audio_utils/spdif/AC3FrameScanner.cpp"}}, {"deprecated":false, "digest":{"function_hash":"198867948338260688667640693224304378116", "length":463}, "id":"ASB-A-160265164-71a98843", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "target":{"file":"audio_utils/spdif/SPDIFEncoder.cpp", "function":"SPDIFEncoder::writeBurstBufferShorts"}}, {"deprecated":false, "digest":{"line_hashes":["259647612143021780756864891114490422070", "338966583500271550645993095945280475714", "166975676725632283786507085152741521388", "72542598289547325216051972627738719884"], "threshold":0.9}, "id":"ASB-A-160265164-bc914504", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "target":{"file":"audio_utils/spdif/FrameScanner.cpp"}}, {"deprecated":false, "digest":{"function_hash":"152344411935269315469663959082721260705", "length":346}, "id":"ASB-A-160265164-d24acb85", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "target":{"file":"audio_utils/spdif/FrameScanner.cpp", "function":"FrameScanner::FrameScanner"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2020-12-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/system/media/+/4523a5863f7d8f449600e85e946cfdc9cff408b2"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be"}]}