{"id":"ASB-A-160346309", "published":"2021-02-01T00:00:00Z", "modified":"2026-04-29T15:10:00.007170452Z", "aliases":["CVE-2021-0335", "A-160346309"], "details":"In process of C2SoftHevcDec.cpp, there is a possible out of bounds write due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2021-02-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/5fe4a516e5f194b03153a9f544b4f79da18c46d0"], "severity":"High", "spl":"2021-02-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"156403520066969378917420964670012557434", "length":24773}, "id":"ASB-A-160346309-1b5a82e8", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/5fe4a516e5f194b03153a9f544b4f79da18c46d0", "target":{"file":"media/libstagefright/MediaCodec.cpp", "function":"MediaCodec::onMessageReceived"}}, {"deprecated":false, "digest":{"line_hashes":["175518358395606551475236458693082707395", "78282875977555182837643111024922754880", "128399704599950713485704866834447045607", "262751367214178538839473820290977228918", "172612780151397525546112545339211743148", "319539283947192176157209745994205694467", "273248556596186671733519873946649685649", "129071999506799661233396358447037667988", "319072262300676424023159369269861975789", "236629555272760352689175793201997028680", "208312891030012485909298532738278861862", "79268551593472731336139171829962969841"], "threshold":0.9}, "id":"ASB-A-160346309-c131a565", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/5fe4a516e5f194b03153a9f544b4f79da18c46d0", "target":{"file":"media/libstagefright/MediaCodec.cpp"}}]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2021-02-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/5fe4a516e5f194b03153a9f544b4f79da18c46d0"], "severity":"High", "spl":"2021-02-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"156403520066969378917420964670012557434", "length":24773}, "id":"ASB-A-160346309-0c2c1a43", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/5fe4a516e5f194b03153a9f544b4f79da18c46d0", "target":{"file":"media/libstagefright/MediaCodec.cpp", "function":"MediaCodec::onMessageReceived"}}, {"deprecated":false, "digest":{"line_hashes":["175518358395606551475236458693082707395", "78282875977555182837643111024922754880", "128399704599950713485704866834447045607", "262751367214178538839473820290977228918", "172612780151397525546112545339211743148", "319539283947192176157209745994205694467", "273248556596186671733519873946649685649", "129071999506799661233396358447037667988", "319072262300676424023159369269861975789", "236629555272760352689175793201997028680", "208312891030012485909298532738278861862", "79268551593472731336139171829962969841"], "threshold":0.9}, "id":"ASB-A-160346309-3aeef053", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/5fe4a516e5f194b03153a9f544b4f79da18c46d0", "target":{"file":"media/libstagefright/MediaCodec.cpp"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2021-02-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/av/+/5fe4a516e5f194b03153a9f544b4f79da18c46d0"}]}