{"id":"ASB-A-230630526", "published":"2023-02-01T00:00:00Z", "modified":"2026-04-29T15:10:00.007170452Z", "aliases":["CVE-2023-20948", "A-230630526"], "details":"In dropFramesUntilIframe of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2023-02-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919"], "severity":"High", "spl":"2023-02-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["212379021873874381798247829236382160182", "66417754514263419850213442380152917103", "83815358669303451646456030079685590824", "257864817666391178255675542568251582396", "263069363621899467718590819386129818171", "157817403914038502428079643464892840091", "101333980791625609406177382456945136167", "59797745874716954063490402646915308687", "7474857098925625077232707478489679628"], "threshold":0.9}, "id":"ASB-A-230630526-6588bcea", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919", "target":{"file":"media/libstagefright/rtsp/AAVCAssembler.cpp"}}, {"deprecated":false, "digest":{"line_hashes":["140770239503625695064828509019799832477", "65151910557162486066798864813844158243", "307790884070244291519980776556995421879", "53843108038709408261758986378788463147", "291643098195140441343962701386998301660", "222376076498018654343369208564744225737", "116942000878267325333699752797775468688", "10740280627826607411568439716866325047", "251084557062795462069238240176517221836", "66320444299511471936883387867503732979", "85860989143724487160794368716943060739", "251389852599537295098525343765117788487"], "threshold":0.9}, "id":"ASB-A-230630526-71b5dc24", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919", "target":{"file":"media/libstagefright/rtsp/AHEVCAssembler.cpp"}}, {"deprecated":false, "digest":{"function_hash":"308027462454203152321871474735483761019", "length":719}, "id":"ASB-A-230630526-76d7bdfa", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919", "target":{"file":"media/libstagefright/rtsp/AAVCAssembler.cpp", "function":"AAVCAssembler::pickStartSeq"}}, {"deprecated":false, "digest":{"function_hash":"56722316515367879950337906555341498064", "length":613}, "id":"ASB-A-230630526-9f401594", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919", "target":{"file":"media/libstagefright/rtsp/AHEVCAssembler.cpp", "function":"AHEVCAssembler::pickStartSeq"}}, {"deprecated":false, "digest":{"function_hash":"265553517352856004442905162954785064259", "length":227}, "id":"ASB-A-230630526-b8e9844b", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919", "target":{"file":"media/libstagefright/rtsp/AAVCAssembler.cpp", "function":"AAVCAssembler::dropFramesUntilIframe"}}]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2023-02-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919"], "severity":"High", "spl":"2023-02-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"308027462454203152321871474735483761019", "length":719}, "id":"ASB-A-230630526-81b58407", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919", "target":{"file":"media/libstagefright/rtsp/AAVCAssembler.cpp", "function":"AAVCAssembler::pickStartSeq"}}, {"deprecated":false, "digest":{"function_hash":"265553517352856004442905162954785064259", "length":227}, "id":"ASB-A-230630526-8f5b16b6", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919", "target":{"file":"media/libstagefright/rtsp/AAVCAssembler.cpp", "function":"AAVCAssembler::dropFramesUntilIframe"}}, {"deprecated":false, "digest":{"function_hash":"56722316515367879950337906555341498064", "length":613}, "id":"ASB-A-230630526-8f931b76", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919", "target":{"file":"media/libstagefright/rtsp/AHEVCAssembler.cpp", "function":"AHEVCAssembler::pickStartSeq"}}, {"deprecated":false, "digest":{"line_hashes":["212379021873874381798247829236382160182", "66417754514263419850213442380152917103", "83815358669303451646456030079685590824", "257864817666391178255675542568251582396", "263069363621899467718590819386129818171", "157817403914038502428079643464892840091", "101333980791625609406177382456945136167", "59797745874716954063490402646915308687", "7474857098925625077232707478489679628"], "threshold":0.9}, "id":"ASB-A-230630526-ae615258", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919", "target":{"file":"media/libstagefright/rtsp/AAVCAssembler.cpp"}}, {"deprecated":false, "digest":{"line_hashes":["140770239503625695064828509019799832477", "65151910557162486066798864813844158243", "307790884070244291519980776556995421879", "53843108038709408261758986378788463147", "291643098195140441343962701386998301660", "222376076498018654343369208564744225737", "116942000878267325333699752797775468688", "10740280627826607411568439716866325047", "251084557062795462069238240176517221836", "66320444299511471936883387867503732979", "85860989143724487160794368716943060739", "251389852599537295098525343765117788487"], "threshold":0.9}, "id":"ASB-A-230630526-c58965bb", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919", "target":{"file":"media/libstagefright/rtsp/AHEVCAssembler.cpp"}}]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-02-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919"], "severity":"High", "spl":"2023-02-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["140770239503625695064828509019799832477", "65151910557162486066798864813844158243", "307790884070244291519980776556995421879", "53843108038709408261758986378788463147", "291643098195140441343962701386998301660", "222376076498018654343369208564744225737", "116942000878267325333699752797775468688", "10740280627826607411568439716866325047", "251084557062795462069238240176517221836", "66320444299511471936883387867503732979", "85860989143724487160794368716943060739", "251389852599537295098525343765117788487"], "threshold":0.9}, "id":"ASB-A-230630526-117ea795", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919", "target":{"file":"media/libstagefright/rtsp/AHEVCAssembler.cpp"}}, {"deprecated":false, "digest":{"function_hash":"56722316515367879950337906555341498064", "length":613}, "id":"ASB-A-230630526-562f81c9", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919", "target":{"file":"media/libstagefright/rtsp/AHEVCAssembler.cpp", "function":"AHEVCAssembler::pickStartSeq"}}, {"deprecated":false, "digest":{"function_hash":"265553517352856004442905162954785064259", "length":227}, "id":"ASB-A-230630526-9a815441", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919", "target":{"file":"media/libstagefright/rtsp/AAVCAssembler.cpp", "function":"AAVCAssembler::dropFramesUntilIframe"}}, {"deprecated":false, "digest":{"function_hash":"308027462454203152321871474735483761019", "length":719}, "id":"ASB-A-230630526-ce723218", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919", "target":{"file":"media/libstagefright/rtsp/AAVCAssembler.cpp", "function":"AAVCAssembler::pickStartSeq"}}, {"deprecated":false, "digest":{"line_hashes":["212379021873874381798247829236382160182", "66417754514263419850213442380152917103", "83815358669303451646456030079685590824", "257864817666391178255675542568251582396", "263069363621899467718590819386129818171", "157817403914038502428079643464892840091", "101333980791625609406177382456945136167", "59797745874716954063490402646915308687", "7474857098925625077232707478489679628"], "threshold":0.9}, "id":"ASB-A-230630526-d583668b", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919", "target":{"file":"media/libstagefright/rtsp/AAVCAssembler.cpp"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-02-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/av/+/d037f9d65f1356bc99fd8e882e641e89796029d2"}]}