{"id":"ASB-A-224314979", "published":"2022-06-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2022-20130", "A-224314979"], "details":"In transportDec_OutOfBandConfig of  tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/external/aac", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L-next:0"}, {"fixed":"12L-next:2022-06-01"}]}], "versions":["12L-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/aac/+/067929dcd3467fd8e1383303efaff2cfc37224e9"], "severity":"Critical", "spl":"2022-06-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"14688623539237930573622344493800917118", "length":2284}, "id":"ASB-A-224314979-45959e09", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/aac/+/067929dcd3467fd8e1383303efaff2cfc37224e9", "target":{"file":"libMpegTPDec/src/tpdec_lib.cpp", "function":"transportDec_OutOfBandConfig"}}, {"deprecated":false, "digest":{"line_hashes":["41834245073546748005348337198116649443", "296567283181987654677179610525862122783", "108587633537507210242609878158511307392", "263040339922716737265934089119049662491", "13461143593537092071846640702810093743"], "threshold":0.9}, "id":"ASB-A-224314979-885abf8a", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/aac/+/067929dcd3467fd8e1383303efaff2cfc37224e9", "target":{"file":"libMpegTPDec/src/tpdec_lib.cpp"}}]}}, {"package":{"name":"platform/external/aac", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2022-06-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/aac/+/eb07c22519d94e573f2a02947094acd2219dc07a"], "severity":"Critical", "spl":"2022-06-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"14688623539237930573622344493800917118", "length":2284}, "id":"ASB-A-224314979-15504185", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/aac/+/eb07c22519d94e573f2a02947094acd2219dc07a", "target":{"file":"libMpegTPDec/src/tpdec_lib.cpp", "function":"transportDec_OutOfBandConfig"}}, {"deprecated":false, "digest":{"line_hashes":["41834245073546748005348337198116649443", "296567283181987654677179610525862122783", "108587633537507210242609878158511307392", "263040339922716737265934089119049662491", "13461143593537092071846640702810093743"], "threshold":0.9}, "id":"ASB-A-224314979-faefdf1e", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/aac/+/eb07c22519d94e573f2a02947094acd2219dc07a", "target":{"file":"libMpegTPDec/src/tpdec_lib.cpp"}}]}}, {"package":{"name":"platform/external/aac", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2022-06-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/aac/+/6a3817573b089f01b13f4f3a195dda8a345d8fe0"], "severity":"Critical", "spl":"2022-06-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["41834245073546748005348337198116649443", "296567283181987654677179610525862122783", "108587633537507210242609878158511307392", "263040339922716737265934089119049662491", "13461143593537092071846640702810093743"], "threshold":0.9}, "id":"ASB-A-224314979-096f7809", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/aac/+/6a3817573b089f01b13f4f3a195dda8a345d8fe0", "target":{"file":"libMpegTPDec/src/tpdec_lib.cpp"}}, {"deprecated":false, "digest":{"function_hash":"14688623539237930573622344493800917118", "length":2284}, "id":"ASB-A-224314979-4a17c1c2", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/aac/+/6a3817573b089f01b13f4f3a195dda8a345d8fe0", "target":{"file":"libMpegTPDec/src/tpdec_lib.cpp", "function":"transportDec_OutOfBandConfig"}}]}}, {"package":{"name":"platform/external/aac", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-06-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/aac/+/23ef1ac38c2dae4cd755880fc8f98491efd26027"], "severity":"Critical", "spl":"2022-06-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"14688623539237930573622344493800917118", "length":2284}, "id":"ASB-A-224314979-22721a4c", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/aac/+/23ef1ac38c2dae4cd755880fc8f98491efd26027", "target":{"file":"libMpegTPDec/src/tpdec_lib.cpp", "function":"transportDec_OutOfBandConfig"}}, {"deprecated":false, "digest":{"line_hashes":["41834245073546748005348337198116649443", "296567283181987654677179610525862122783", "108587633537507210242609878158511307392", "263040339922716737265934089119049662491", "13461143593537092071846640702810093743"], "threshold":0.9}, "id":"ASB-A-224314979-fb38480f", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/aac/+/23ef1ac38c2dae4cd755880fc8f98491efd26027", "target":{"file":"libMpegTPDec/src/tpdec_lib.cpp"}}]}}, {"package":{"name":"platform/external/aac", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2022-06-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/aac/+/2768a078f34a4d6cdb05916ad0e1f02d4c73fb6b"], "severity":"Critical", "spl":"2022-06-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["41834245073546748005348337198116649443", "296567283181987654677179610525862122783", "108587633537507210242609878158511307392", "263040339922716737265934089119049662491", "13461143593537092071846640702810093743"], "threshold":0.9}, "id":"ASB-A-224314979-12997a9a", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/aac/+/2768a078f34a4d6cdb05916ad0e1f02d4c73fb6b", "target":{"file":"libMpegTPDec/src/tpdec_lib.cpp"}}, {"deprecated":false, "digest":{"function_hash":"14688623539237930573622344493800917118", "length":2284}, "id":"ASB-A-224314979-9cdb4d92", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/aac/+/2768a078f34a4d6cdb05916ad0e1f02d4c73fb6b", "target":{"file":"libMpegTPDec/src/tpdec_lib.cpp", "function":"transportDec_OutOfBandConfig"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-06-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/external/aac/+/eb07c22519d94e573f2a02947094acd2219dc07a"}]}