{"id":"ASB-A-193363621", "published":"2021-12-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2021-0964", "A-193363621"], "details":"In C2SoftMP3::process() of C2SoftMp3Dec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.", "affected":[{"package":{"name":"platform/hardware/google/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"9:0"}, {"fixed":"9:2021-12-01"}]}], "versions":["9"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/hardware/google/av/+/c3e2eb596635757ef854ce288cd2cd9921d7fa45"], "severity":"High", "spl":"2021-12-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["43880098200668643346508557869682770055", "318607763541445393655535403309768895787", "276703186263668439432569423678666677466", "126108513511708102732740812763650642324"], "threshold":0.9}, "id":"ASB-A-193363621-a507c647", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/hardware/google/av/+/c3e2eb596635757ef854ce288cd2cd9921d7fa45", "target":{"file":"media/codecs/mp3/C2SoftMp3Dec.cpp"}}, {"deprecated":false, "digest":{"function_hash":"135625351549208901408861286811622870460", "length":5612}, "id":"ASB-A-193363621-b5991258", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/hardware/google/av/+/c3e2eb596635757ef854ce288cd2cd9921d7fa45", "target":{"file":"media/codecs/mp3/C2SoftMp3Dec.cpp", "function":"C2SoftMP3::process"}}]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2021-12-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/dc32721e28e79df4dd2f5bb896bcf586ebeda5e9"], "severity":"High", "spl":"2021-12-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["43880098200668643346508557869682770055", "318607763541445393655535403309768895787", "276703186263668439432569423678666677466", "126108513511708102732740812763650642324"], "threshold":0.9}, "id":"ASB-A-193363621-283f9804", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/dc32721e28e79df4dd2f5bb896bcf586ebeda5e9", "target":{"file":"media/codec2/components/mp3/C2SoftMp3Dec.cpp"}}, {"deprecated":false, "digest":{"function_hash":"156248296851199659471483252604381389404", "length":5619}, "id":"ASB-A-193363621-65b7b2c4", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/dc32721e28e79df4dd2f5bb896bcf586ebeda5e9", "target":{"file":"media/codec2/components/mp3/C2SoftMp3Dec.cpp", "function":"C2SoftMP3::process"}}]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2021-12-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/dc32721e28e79df4dd2f5bb896bcf586ebeda5e9"], "severity":"High", "spl":"2021-12-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["43880098200668643346508557869682770055", "318607763541445393655535403309768895787", "276703186263668439432569423678666677466", "126108513511708102732740812763650642324"], "threshold":0.9}, "id":"ASB-A-193363621-6c3c6e15", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/dc32721e28e79df4dd2f5bb896bcf586ebeda5e9", "target":{"file":"media/codec2/components/mp3/C2SoftMp3Dec.cpp"}}, {"deprecated":false, "digest":{"function_hash":"156248296851199659471483252604381389404", "length":5619}, "id":"ASB-A-193363621-fcdf0b06", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/dc32721e28e79df4dd2f5bb896bcf586ebeda5e9", "target":{"file":"media/codec2/components/mp3/C2SoftMp3Dec.cpp", "function":"C2SoftMP3::process"}}]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2021-12-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/dc32721e28e79df4dd2f5bb896bcf586ebeda5e9"], "severity":"High", "spl":"2021-12-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["43880098200668643346508557869682770055", "318607763541445393655535403309768895787", "276703186263668439432569423678666677466", "126108513511708102732740812763650642324"], "threshold":0.9}, "id":"ASB-A-193363621-a3bea0ca", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/dc32721e28e79df4dd2f5bb896bcf586ebeda5e9", "target":{"file":"media/codec2/components/mp3/C2SoftMp3Dec.cpp"}}, {"deprecated":false, "digest":{"function_hash":"156248296851199659471483252604381389404", "length":5619}, "id":"ASB-A-193363621-ab11b85c", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/dc32721e28e79df4dd2f5bb896bcf586ebeda5e9", "target":{"file":"media/codec2/components/mp3/C2SoftMp3Dec.cpp", "function":"C2SoftMP3::process"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2021-12-01"}]}