{"id":"ASB-A-188893559", "published":"2021-12-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2021-0971", "A-188893559"], "details":"In MPEG4Source::read of MPEG4Extractor.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"9:0"}, {"fixed":"9:2021-12-05"}]}], "versions":["9"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/d13a4efc7a5c07c95a00036a7db15b16116b41a5"], "severity":"High", "spl":"2021-12-05", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["130407003408990509847617766837743465864", "126661261809857713936724813726950350439", "327298313001233210597092582416710992705", "187134861346026593606578275531654738028", "265594072352341781968374892769002522590", "286048203133445734809555858812193155969", "206342229608626372018235246874117795328", "120442340107153497548420716076854226825", "205038619628968264154546117350607330444", "156672785600177857284569566917685691819", "27041513861367895821381697177687360796", "222052858770915641541326418596598908171", "231688285497031449143415612428446521566", "157354699372058459345056094344774560219", "25898820081694474639530659188313523050", "254411297442169944213995411699536614019", "212041461865253097569538614065489310068", "39420765489541656641619705884622210316", "256084695141282911867047626001005886600", "41896611912511696744511150933946918976", "85842841450138108428978856660010834628", "242947433218959608275094775214665085443"], "threshold":0.9}, "id":"ASB-A-188893559-14fb878d", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/d13a4efc7a5c07c95a00036a7db15b16116b41a5", "target":{"file":"media/extractors/mp4/MPEG4Extractor.cpp"}}, {"deprecated":false, "digest":{"function_hash":"302997053393924354128895893519666193605", "length":2432}, "id":"ASB-A-188893559-8e2cae8b", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/d13a4efc7a5c07c95a00036a7db15b16116b41a5", "target":{"file":"media/extractors/mp4/MPEG4Extractor.cpp", "function":"MPEG4Source::MPEG4Source"}}, {"deprecated":false, "digest":{"function_hash":"240936766753096735795334765645641439000", "length":6977}, "id":"ASB-A-188893559-ab3a2d15", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/d13a4efc7a5c07c95a00036a7db15b16116b41a5", "target":{"file":"media/extractors/mp4/MPEG4Extractor.cpp", "function":"MPEG4Source::read"}}, {"deprecated":false, "digest":{"function_hash":"109104405059307769068458604737755554630", "length":875}, "id":"ASB-A-188893559-f18763bd", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/d13a4efc7a5c07c95a00036a7db15b16116b41a5", "target":{"file":"media/extractors/mp4/MPEG4Extractor.cpp", "function":"MPEG4Source::start"}}, {"deprecated":false, "digest":{"function_hash":"156393031621899562568828643054737883696", "length":281}, "id":"ASB-A-188893559-f9319eba", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/d13a4efc7a5c07c95a00036a7db15b16116b41a5", "target":{"file":"media/extractors/mp4/MPEG4Extractor.cpp", "function":"MPEG4Source::stop"}}]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2021-12-05"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/3c5de138ed3b697e0119e7526ae7f6ed09f357cc"], "severity":"High", "spl":"2021-12-05", "types":["ID"]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2021-12-05"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/3c5de138ed3b697e0119e7526ae7f6ed09f357cc"], "severity":"High", "spl":"2021-12-05", "types":["ID"]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2021-12-05"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/1d5c36d889a2ce730685ffdf487ef37971c42ef4"], "severity":"High", "spl":"2021-12-05", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"203656738290453830007845030436390538376", "length":710}, "id":"ASB-A-188893559-3c1923d8", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/1d5c36d889a2ce730685ffdf487ef37971c42ef4", "target":{"file":"media/extractors/mp4/MPEG4Extractor.cpp", "function":"MPEG4Source::start"}}, {"deprecated":false, "digest":{"function_hash":"125956997577254263352658875871082931556", "length":10278}, "id":"ASB-A-188893559-41049e25", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/1d5c36d889a2ce730685ffdf487ef37971c42ef4", "target":{"file":"media/extractors/mp4/MPEG4Extractor.cpp", "function":"MPEG4Source::read"}}, {"deprecated":false, "digest":{"function_hash":"33875055151062456510490058068096375231", "length":4692}, "id":"ASB-A-188893559-5c890574", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/1d5c36d889a2ce730685ffdf487ef37971c42ef4", "target":{"file":"media/extractors/mp4/MPEG4Extractor.cpp", "function":"MPEG4Source::MPEG4Source"}}, {"deprecated":false, "digest":{"line_hashes":["321574769811247314751273609416809024001", "225171250139788195278748488212190238721", "248616298648776904614516915079911925541", "282190448648714590751049113984733187599", "123679115721083831063003150835082386234", "214934196773800004921525103649850295503", "332171114058105969196228832627989470461", "271599469198682802962819457108573565368", "142147131761617980804969723857932893812", "333065124964863523346868907081019383759", "38290672031772373048821930482019456611", "222052858770915641541326418596598908171", "231688285497031449143415612428446521566", "255508728156890850427217730327713834402", "56225122554343842981007590040086535554", "193757175305430297528858034371647266922", "158093320456286410543634928712222081161", "48061167473747081923442297814071022359", "227671036278827796055037462564300279027", "262902866548860527790026370581031820386", "41385525598247107887333689752097077178", "43733170130701897297075764996936351502"], "threshold":0.9}, "id":"ASB-A-188893559-a9de0725", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/1d5c36d889a2ce730685ffdf487ef37971c42ef4", "target":{"file":"media/extractors/mp4/MPEG4Extractor.cpp"}}, {"deprecated":false, "digest":{"function_hash":"330830027588050062221341932925713882982", "length":256}, "id":"ASB-A-188893559-be30ec97", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/1d5c36d889a2ce730685ffdf487ef37971c42ef4", "target":{"file":"media/extractors/mp4/MPEG4Extractor.cpp", "function":"MPEG4Source::stop"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2021-12-01"}]}