{"id":"ASB-A-215002587", "published":"2022-04-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2021-39804", "A-215002587"], "details":"In reinit of HeifDecoderImpl.cpp, there is a possible crash due to a missing null check. This could lead to remote persistent denial of service in the file picker with no additional execution privileges needed. User interaction is needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2022-04-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/616bd340ecded759720199bcf5b8562e0fdf3f59"], "severity":"High", "spl":"2022-04-01", "types":["DoS"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["120094149259898520039636647466959784927", "189658632857752840631892844443326689291", "146690459648094460987152018503952238443", "178671603697984325450663552958525370914", "127679628326051150164104027699124853381", "108294308126805958334691522993731809941", "201147652771583851881525933246798600192", "85123002385931961319632137301270385112"], "threshold":0.9}, "id":"ASB-A-215002587-1a2a6e41", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/616bd340ecded759720199bcf5b8562e0fdf3f59", "target":{"file":"media/libheif/HeifDecoderImpl.cpp"}}, {"deprecated":false, "digest":{"function_hash":"300673128464053907379081520348570002058", "length":2249}, "id":"ASB-A-215002587-d3dec402", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/616bd340ecded759720199bcf5b8562e0fdf3f59", "target":{"file":"media/libheif/HeifDecoderImpl.cpp", "function":"HeifDecoderImpl::reinit"}}]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-04-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/616bd340ecded759720199bcf5b8562e0fdf3f59"], "severity":"High", "spl":"2022-04-01", "types":["DoS"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["120094149259898520039636647466959784927", "189658632857752840631892844443326689291", "146690459648094460987152018503952238443", "178671603697984325450663552958525370914", "127679628326051150164104027699124853381", "108294308126805958334691522993731809941", "201147652771583851881525933246798600192", "85123002385931961319632137301270385112"], "threshold":0.9}, "id":"ASB-A-215002587-a8b555d0", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/616bd340ecded759720199bcf5b8562e0fdf3f59", "target":{"file":"media/libheif/HeifDecoderImpl.cpp"}}, {"deprecated":false, "digest":{"function_hash":"300673128464053907379081520348570002058", "length":2249}, "id":"ASB-A-215002587-d9058542", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/616bd340ecded759720199bcf5b8562e0fdf3f59", "target":{"file":"media/libheif/HeifDecoderImpl.cpp", "function":"HeifDecoderImpl::reinit"}}]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2022-04-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/616bd340ecded759720199bcf5b8562e0fdf3f59"], "severity":"High", "spl":"2022-04-01", "types":["DoS"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"300673128464053907379081520348570002058", "length":2249}, "id":"ASB-A-215002587-57e22744", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/616bd340ecded759720199bcf5b8562e0fdf3f59", "target":{"file":"media/libheif/HeifDecoderImpl.cpp", "function":"HeifDecoderImpl::reinit"}}, {"deprecated":false, "digest":{"line_hashes":["120094149259898520039636647466959784927", "189658632857752840631892844443326689291", "146690459648094460987152018503952238443", "178671603697984325450663552958525370914", "127679628326051150164104027699124853381", "108294308126805958334691522993731809941", "201147652771583851881525933246798600192", "85123002385931961319632137301270385112"], "threshold":0.9}, "id":"ASB-A-215002587-c9821319", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/616bd340ecded759720199bcf5b8562e0fdf3f59", "target":{"file":"media/libheif/HeifDecoderImpl.cpp"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-04-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/av/+/3942f55f1c8e36b0f9d4c5acf99b177476f96457"}]}