{"id":"ASB-A-233735886", "published":"2022-09-01T00:00:00Z", "modified":"2026-04-29T15:10:00.007170452Z", "aliases":["CVE-2022-20393", "A-233735886"], "details":"In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure from the media server with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13-next:0"}, {"fixed":"13-next:2022-09-01"}]}], "versions":["13-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/bba676b80fe34c20d0834582a03f307e6524f414"], "severity":"High", "spl":"2022-09-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"50675638291051841526738330140886205029", "length":2780}, "id":"ASB-A-233735886-4802d056", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/bba676b80fe34c20d0834582a03f307e6524f414", "target":{"file":"media/libstagefright/timedtext/TextDescriptions.cpp", "function":"TextDescriptions::extract3GPPGlobalDescriptions"}}, {"deprecated":false, "digest":{"line_hashes":["229386592317417695301799087523203399799", "109219931390342791495629278406969013539", "198744136753815729415861381615626259319", "237196193812767868580563222050800769717"], "threshold":0.9}, "id":"ASB-A-233735886-ecd339bf", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/bba676b80fe34c20d0834582a03f307e6524f414", "target":{"file":"media/libstagefright/timedtext/TextDescriptions.cpp"}}]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2022-09-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/b63d4e785ba4d896bbbd50d4f09bda13294926af"], "severity":"High", "spl":"2022-09-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"50675638291051841526738330140886205029", "length":2780}, "id":"ASB-A-233735886-673a1ae7", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/b63d4e785ba4d896bbbd50d4f09bda13294926af", "target":{"file":"media/libstagefright/timedtext/TextDescriptions.cpp", "function":"TextDescriptions::extract3GPPGlobalDescriptions"}}, {"deprecated":false, "digest":{"line_hashes":["229386592317417695301799087523203399799", "109219931390342791495629278406969013539", "198744136753815729415861381615626259319", "237196193812767868580563222050800769717"], "threshold":0.9}, "id":"ASB-A-233735886-ae1819fc", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/b63d4e785ba4d896bbbd50d4f09bda13294926af", "target":{"file":"media/libstagefright/timedtext/TextDescriptions.cpp"}}]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-09-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/b63d4e785ba4d896bbbd50d4f09bda13294926af"], "severity":"High", "spl":"2022-09-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["229386592317417695301799087523203399799", "109219931390342791495629278406969013539", "198744136753815729415861381615626259319", "237196193812767868580563222050800769717"], "threshold":0.9}, "id":"ASB-A-233735886-37659871", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/b63d4e785ba4d896bbbd50d4f09bda13294926af", "target":{"file":"media/libstagefright/timedtext/TextDescriptions.cpp"}}, {"deprecated":false, "digest":{"function_hash":"50675638291051841526738330140886205029", "length":2780}, "id":"ASB-A-233735886-f28df4bc", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/b63d4e785ba4d896bbbd50d4f09bda13294926af", "target":{"file":"media/libstagefright/timedtext/TextDescriptions.cpp", "function":"TextDescriptions::extract3GPPGlobalDescriptions"}}]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2022-09-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/b63d4e785ba4d896bbbd50d4f09bda13294926af"], "severity":"High", "spl":"2022-09-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"50675638291051841526738330140886205029", "length":2780}, "id":"ASB-A-233735886-689245c8", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/b63d4e785ba4d896bbbd50d4f09bda13294926af", "target":{"file":"media/libstagefright/timedtext/TextDescriptions.cpp", "function":"TextDescriptions::extract3GPPGlobalDescriptions"}}, {"deprecated":false, "digest":{"line_hashes":["229386592317417695301799087523203399799", "109219931390342791495629278406969013539", "198744136753815729415861381615626259319", "237196193812767868580563222050800769717"], "threshold":0.9}, "id":"ASB-A-233735886-98a328bb", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/b63d4e785ba4d896bbbd50d4f09bda13294926af", "target":{"file":"media/libstagefright/timedtext/TextDescriptions.cpp"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-09-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/av/+/b63d4e785ba4d896bbbd50d4f09bda13294926af"}]}