{"id":"ASB-A-213169612", "published":"2022-04-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2021-39798", "A-213169612"], "details":"In Bitmap_createFromParcel of Bitmap.cpp, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-04-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/a52463fd6e71dd0563b3fd8883b4ccaf9f858e8b"], "severity":"High", "spl":"2022-04-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"298723804618210622839170125048816206607", "length":1091}, "id":"ASB-A-213169612-1fa480c4", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/a52463fd6e71dd0563b3fd8883b4ccaf9f858e8b", "target":{"file":"libs/hwui/jni/Bitmap.cpp", "function":"readBlob"}}, {"deprecated":false, "digest":{"line_hashes":["266940641778186271866308530012146931755", "134935205797807340712525054349880971403", "171265355272777184913210828042316108610", "133986448833256767128279036091857926309", "109494114485040037795143545000596918024", "112989504939797086154816508027829577274", "105485686445977056688041581686711479221", "135864330342260059480847191298899514970", "137695649785554190667041293028485676745", "5143597894172950500846437306196644155", "247342482795181788939364105810181033524", "152136980744809224016368491168192611787", "224572554855085605716299869588936496471", "10527546642301129621937105445842490683", "72181011004665163325778608617443450080", "312375336833074828332809641563836110834", "276999878176087488419289360253581284940", "102779650256351647895689418430519148892", "111506834329235192579738431474292614497", "238315880751827910418473125769919670870", "118674983319243195874539893906826933015", "299408165301620595386164836616322766701", "212358219752102462755019565970264053481", "88635882593219811637920904833607027486", "183592633330104206910238041767769170097", "64561312864262026145385672497871425421", "117167398424197783359649220834771308833", "124113715689834575848019527548738463802", "41953089415888579848886477307023923384", "49348247240288722149282036387251972336", "151529537084475421808189218427468043085", "70866061804200166391843393247438832936", "124080396256517005523343692377585138235", "268780280152106401896730617865992259409", "38018975486190279725620322635740032435", "218765315951525777160099138459380053489", "332759062103260616126780964962032309307", "100099594786023010934379429141002890867", "31520142473009231543661306676353784509", "177044517232391069709154446997312219037", "261577655648236193359564407731469647553", "32084054888982228337732647728637996568", "166419116124279963279601817505773587879", "83137984006902329856373014592213398901", "64705325922269890852145519755812279894", "173786163302649528980616219057508420232", "140699939495861654492147727087722041132", "311064847245759385108463228089070803348", "248628769412137846834283109888606066732"], "threshold":0.9}, "id":"ASB-A-213169612-744edf78", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/a52463fd6e71dd0563b3fd8883b4ccaf9f858e8b", "target":{"file":"libs/hwui/jni/Bitmap.cpp"}}, {"deprecated":false, "digest":{"function_hash":"80049770482475436318459513906402584726", "length":2742}, "id":"ASB-A-213169612-b18ff1c5", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/a52463fd6e71dd0563b3fd8883b4ccaf9f858e8b", "target":{"file":"libs/hwui/jni/Bitmap.cpp", "function":"Bitmap_createFromParcel"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2022-04-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/a52463fd6e71dd0563b3fd8883b4ccaf9f858e8b"], "severity":"High", "spl":"2022-04-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"80049770482475436318459513906402584726", "length":2742}, "id":"ASB-A-213169612-3543a394", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/a52463fd6e71dd0563b3fd8883b4ccaf9f858e8b", "target":{"file":"libs/hwui/jni/Bitmap.cpp", "function":"Bitmap_createFromParcel"}}, {"deprecated":false, "digest":{"line_hashes":["266940641778186271866308530012146931755", "134935205797807340712525054349880971403", "171265355272777184913210828042316108610", "133986448833256767128279036091857926309", "109494114485040037795143545000596918024", "112989504939797086154816508027829577274", "105485686445977056688041581686711479221", "135864330342260059480847191298899514970", "137695649785554190667041293028485676745", "5143597894172950500846437306196644155", "247342482795181788939364105810181033524", "152136980744809224016368491168192611787", "224572554855085605716299869588936496471", "10527546642301129621937105445842490683", "72181011004665163325778608617443450080", "312375336833074828332809641563836110834", "276999878176087488419289360253581284940", "102779650256351647895689418430519148892", "111506834329235192579738431474292614497", "238315880751827910418473125769919670870", "118674983319243195874539893906826933015", "299408165301620595386164836616322766701", "212358219752102462755019565970264053481", "88635882593219811637920904833607027486", "183592633330104206910238041767769170097", "64561312864262026145385672497871425421", "117167398424197783359649220834771308833", "124113715689834575848019527548738463802", "41953089415888579848886477307023923384", "49348247240288722149282036387251972336", "151529537084475421808189218427468043085", "70866061804200166391843393247438832936", "124080396256517005523343692377585138235", "268780280152106401896730617865992259409", "38018975486190279725620322635740032435", "218765315951525777160099138459380053489", "332759062103260616126780964962032309307", "100099594786023010934379429141002890867", "31520142473009231543661306676353784509", "177044517232391069709154446997312219037", "261577655648236193359564407731469647553", "32084054888982228337732647728637996568", "166419116124279963279601817505773587879", "83137984006902329856373014592213398901", "64705325922269890852145519755812279894", "173786163302649528980616219057508420232", "140699939495861654492147727087722041132", "311064847245759385108463228089070803348", "248628769412137846834283109888606066732"], "threshold":0.9}, "id":"ASB-A-213169612-d539137e", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/a52463fd6e71dd0563b3fd8883b4ccaf9f858e8b", "target":{"file":"libs/hwui/jni/Bitmap.cpp"}}, {"deprecated":false, "digest":{"function_hash":"298723804618210622839170125048816206607", "length":1091}, "id":"ASB-A-213169612-e2a925f8", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/a52463fd6e71dd0563b3fd8883b4ccaf9f858e8b", "target":{"file":"libs/hwui/jni/Bitmap.cpp", "function":"readBlob"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-04-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/18b5537c74e29f3420882c37f81e95bebdb54029"}]}