{"id":"ASB-A-174238784", "published":"2021-02-01T00:00:00Z", "modified":"2026-04-29T15:10:00.007170452Z", "aliases":["CVE-2021-0325", "A-174238784"], "details":"In ih264d_parse_pslice of ih264d_parse_pslice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.", "affected":[{"package":{"name":"platform/external/libavc", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"8.0:0"}, {"fixed":"8.0:2021-02-01"}]}], "versions":["8.0"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/libavc/+/fd7e28588f149c1683c4f7a0a1c543f51b1cd41a"], "severity":"Critical", "spl":"2021-02-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["237226019685075427898811731122090327538", "198432648925659676265898531579230597559", "159364454548399457674165221246845742230", "79543508036890462017988120136534392218"], "threshold":0.9}, "id":"ASB-A-174238784-2a142279", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/libavc/+/fd7e28588f149c1683c4f7a0a1c543f51b1cd41a", "target":{"file":"decoder/ih264d_parse_slice.c"}}, {"deprecated":false, "digest":{"function_hash":"275160209321157437284212852307610128632", "length":16242}, "id":"ASB-A-174238784-8cc5e977", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/libavc/+/fd7e28588f149c1683c4f7a0a1c543f51b1cd41a", "target":{"file":"decoder/ih264d_parse_slice.c", "function":"ih264d_parse_decode_slice"}}]}}, {"package":{"name":"platform/external/libavc", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"8.1:0"}, {"fixed":"8.1:2021-02-01"}]}], "versions":["8.1"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/libavc/+/fd7e28588f149c1683c4f7a0a1c543f51b1cd41a"], "severity":"Critical", "spl":"2021-02-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["237226019685075427898811731122090327538", "198432648925659676265898531579230597559", "159364454548399457674165221246845742230", "79543508036890462017988120136534392218"], "threshold":0.9}, "id":"ASB-A-174238784-6a97e5bc", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/libavc/+/fd7e28588f149c1683c4f7a0a1c543f51b1cd41a", "target":{"file":"decoder/ih264d_parse_slice.c"}}, {"deprecated":false, "digest":{"function_hash":"275160209321157437284212852307610128632", "length":16242}, "id":"ASB-A-174238784-e3d91761", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/libavc/+/fd7e28588f149c1683c4f7a0a1c543f51b1cd41a", "target":{"file":"decoder/ih264d_parse_slice.c", "function":"ih264d_parse_decode_slice"}}]}}, {"package":{"name":"platform/external/libavc", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"9:0"}, {"fixed":"9:2021-02-01"}]}], "versions":["9"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/libavc/+/fd7e28588f149c1683c4f7a0a1c543f51b1cd41a"], "severity":"Critical", "spl":"2021-02-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"275160209321157437284212852307610128632", "length":16242}, "id":"ASB-A-174238784-5cc14d67", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/libavc/+/fd7e28588f149c1683c4f7a0a1c543f51b1cd41a", "target":{"file":"decoder/ih264d_parse_slice.c", "function":"ih264d_parse_decode_slice"}}, {"deprecated":false, "digest":{"line_hashes":["237226019685075427898811731122090327538", "198432648925659676265898531579230597559", "159364454548399457674165221246845742230", "79543508036890462017988120136534392218"], "threshold":0.9}, "id":"ASB-A-174238784-60922165", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/libavc/+/fd7e28588f149c1683c4f7a0a1c543f51b1cd41a", "target":{"file":"decoder/ih264d_parse_slice.c"}}]}}, {"package":{"name":"platform/external/libavc", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2021-02-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/libavc/+/fd7e28588f149c1683c4f7a0a1c543f51b1cd41a"], "severity":"High", "spl":"2021-02-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"275160209321157437284212852307610128632", "length":16242}, "id":"ASB-A-174238784-20955ea3", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/libavc/+/fd7e28588f149c1683c4f7a0a1c543f51b1cd41a", "target":{"file":"decoder/ih264d_parse_slice.c", "function":"ih264d_parse_decode_slice"}}, {"deprecated":false, "digest":{"line_hashes":["237226019685075427898811731122090327538", "198432648925659676265898531579230597559", "159364454548399457674165221246845742230", "79543508036890462017988120136534392218"], "threshold":0.9}, "id":"ASB-A-174238784-3f0e6cea", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/libavc/+/fd7e28588f149c1683c4f7a0a1c543f51b1cd41a", "target":{"file":"decoder/ih264d_parse_slice.c"}}]}}, {"package":{"name":"platform/external/libavc", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2021-02-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/libavc/+/fd7e28588f149c1683c4f7a0a1c543f51b1cd41a"], "severity":"High", "spl":"2021-02-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"275160209321157437284212852307610128632", "length":16242}, "id":"ASB-A-174238784-9152296d", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/libavc/+/fd7e28588f149c1683c4f7a0a1c543f51b1cd41a", "target":{"file":"decoder/ih264d_parse_slice.c", "function":"ih264d_parse_decode_slice"}}, {"deprecated":false, "digest":{"line_hashes":["237226019685075427898811731122090327538", "198432648925659676265898531579230597559", "159364454548399457674165221246845742230", "79543508036890462017988120136534392218"], "threshold":0.9}, "id":"ASB-A-174238784-96173cdf", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/libavc/+/fd7e28588f149c1683c4f7a0a1c543f51b1cd41a", "target":{"file":"decoder/ih264d_parse_slice.c"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2021-02-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/external/libavc/+/fd7e28588f149c1683c4f7a0a1c543f51b1cd41a"}]}