{"id":"ASB-A-173720767", "published":"2021-05-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2021-0484", "A-173720767"], "details":"In readVector of IMediaPlayer.cpp, there is a possible read of uninitialized heap data due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"8.1:0"}, {"fixed":"8.1:2021-05-01"}]}], "versions":["8.1"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/ae59a1c2c0831fdc541949a72742f8d619238071"], "severity":"High", "spl":"2021-05-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["137147752638932862531344470674846886878", "231227451299928998277620542025444966994", "83770904494722983864759919224197592579", "150648564436782432705863751090426698079", "196444031110439513754514230037196356470", "271822407266642178302208433187822725631", "322224461524526038265709943383573174557", "272037574455818530587285395380489149941", "66787794564371268727059360801326862866", "224702763775032344028098836855576249824", "22977814044481917704434935293811452310", "131369053059246382188197360487718532980", "272449105225689450702413453354131643521", "273183550824803671003551279574819198361"], "threshold":0.9}, "id":"ASB-A-173720767-24418602", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/ae59a1c2c0831fdc541949a72742f8d619238071", "target":{"file":"media/libmedia/IMediaPlayer.cpp"}}, {"deprecated":false, "digest":{"function_hash":"329994345319308338067852731081698756910", "length":190}, "id":"ASB-A-173720767-510a8b79", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/ae59a1c2c0831fdc541949a72742f8d619238071", "target":{"file":"media/libmedia/IMediaPlayer.cpp", "function":"readVector"}}, {"deprecated":false, "digest":{"function_hash":"334001344346238633597741940204780235569", "length":9597}, "id":"ASB-A-173720767-94b7e0ee", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/ae59a1c2c0831fdc541949a72742f8d619238071", "target":{"file":"media/libmedia/IMediaPlayer.cpp", "function":"BnMediaPlayer::onTransact"}}]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"9:0"}, {"fixed":"9:2021-05-01"}]}], "versions":["9"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/6f400642d200cece345bde5527426c1f824d66e0"], "severity":"High", "spl":"2021-05-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["137147752638932862531344470674846886878", "231227451299928998277620542025444966994", "83770904494722983864759919224197592579", "233983285109276500546906613233327018833", "114891956278159326936611967311390745678", "271822407266642178302208433187822725631", "322224461524526038265709943383573174557", "272037574455818530587285395380489149941", "66787794564371268727059360801326862866", "224702763775032344028098836855576249824", "22977814044481917704434935293811452310", "131369053059246382188197360487718532980", "272449105225689450702413453354131643521", "273183550824803671003551279574819198361"], "threshold":0.9}, "id":"ASB-A-173720767-3a024b6b", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/6f400642d200cece345bde5527426c1f824d66e0", "target":{"file":"media/libmedia/IMediaPlayer.cpp"}}, {"deprecated":false, "digest":{"function_hash":"329994345319308338067852731081698756910", "length":190}, "id":"ASB-A-173720767-6b1b49a2", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/6f400642d200cece345bde5527426c1f824d66e0", "target":{"file":"media/libmedia/IMediaPlayer.cpp", "function":"readVector"}}, {"deprecated":false, "digest":{"function_hash":"72819463654876945845308859680022199371", "length":10517}, "id":"ASB-A-173720767-fe306002", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/6f400642d200cece345bde5527426c1f824d66e0", "target":{"file":"media/libmedia/IMediaPlayer.cpp", "function":"BnMediaPlayer::onTransact"}}]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2021-05-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/f8c7ecf6567635062ccb262b0d1e58486420aad1"], "severity":"High", "spl":"2021-05-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["137147752638932862531344470674846886878", "231227451299928998277620542025444966994", "83770904494722983864759919224197592579", "233983285109276500546906613233327018833", "114891956278159326936611967311390745678", "271822407266642178302208433187822725631", "322224461524526038265709943383573174557", "272037574455818530587285395380489149941", "66787794564371268727059360801326862866", "224702763775032344028098836855576249824", "22977814044481917704434935293811452310", "131369053059246382188197360487718532980", "272449105225689450702413453354131643521", "273183550824803671003551279574819198361"], "threshold":0.9}, "id":"ASB-A-173720767-81e6ef66", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/f8c7ecf6567635062ccb262b0d1e58486420aad1", "target":{"file":"media/libmedia/IMediaPlayer.cpp"}}, {"deprecated":false, "digest":{"function_hash":"329994345319308338067852731081698756910", "length":190}, "id":"ASB-A-173720767-9f1bd2d8", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/f8c7ecf6567635062ccb262b0d1e58486420aad1", "target":{"file":"media/libmedia/IMediaPlayer.cpp", "function":"readVector"}}, {"deprecated":false, "digest":{"function_hash":"4445341174580082019547846390917346058", "length":10652}, "id":"ASB-A-173720767-e2e43eca", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/f8c7ecf6567635062ccb262b0d1e58486420aad1", "target":{"file":"media/libmedia/IMediaPlayer.cpp", "function":"BnMediaPlayer::onTransact"}}]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2021-05-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/346292cea9f4cc4173d4e0d9bd0844ea814cab95"], "severity":"High", "spl":"2021-05-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["21118745509113319667058368533170633004", "41792605754478995712089602561934856009", "166820881281461127374687190157666082393", "3514191016888557444805117661765457900", "233983285109276500546906613233327018833", "114891956278159326936611967311390745678", "271822407266642178302208433187822725631", "322224461524526038265709943383573174557", "272037574455818530587285395380489149941", "66787794564371268727059360801326862866", "224702763775032344028098836855576249824", "22977814044481917704434935293811452310", "131369053059246382188197360487718532980", "272449105225689450702413453354131643521", "273183550824803671003551279574819198361"], "threshold":0.9}, "id":"ASB-A-173720767-25db3550", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/346292cea9f4cc4173d4e0d9bd0844ea814cab95", "target":{"file":"media/libmedia/IMediaPlayer.cpp"}}, {"deprecated":false, "digest":{"function_hash":"329994345319308338067852731081698756910", "length":190}, "id":"ASB-A-173720767-9ac11c87", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/346292cea9f4cc4173d4e0d9bd0844ea814cab95", "target":{"file":"media/libmedia/IMediaPlayer.cpp", "function":"readVector"}}, {"deprecated":false, "digest":{"function_hash":"4445341174580082019547846390917346058", "length":10652}, "id":"ASB-A-173720767-a71007ac", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/346292cea9f4cc4173d4e0d9bd0844ea814cab95", "target":{"file":"media/libmedia/IMediaPlayer.cpp", "function":"BnMediaPlayer::onTransact"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2021-05-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/av/+/8e6748ee5b5363e660c81c0427c317b7a71a9181"}]}