{"id":"ASB-A-279766766", "published":"2023-08-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2023-21282", "A-279766766"], "details":"In TRANSPOSER_SETTINGS of lpp_tran.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.", "affected":[{"package":{"name":"platform/external/aac", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13-next:0"}, {"fixed":"13-next:2023-08-01"}]}], "versions":["13-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/aac/+/f682b8787eb312b9f8997dac4c2c18bb779cf0df"], "severity":"Critical", "spl":"2023-08-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["137485364397329512956617123630598953062", "319734127269816074276009054291440914706", "142184391661538065296615672940683793507", "205803596976412131032451772469158635915", "95337811043235553146515398896013463588"], "threshold":0.9}, "id":"ASB-A-279766766-06db2c77", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/aac/+/f682b8787eb312b9f8997dac4c2c18bb779cf0df", "target":{"file":"libSBRdec/src/lpp_tran.h"}}]}}, {"package":{"name":"platform/external/aac", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2023-08-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/aac/+/451762ca48e7fb30a0ce77a8962813a3419ec420"], "severity":"Critical", "spl":"2023-08-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["137485364397329512956617123630598953062", "319734127269816074276009054291440914706", "142184391661538065296615672940683793507", "205803596976412131032451772469158635915", "95337811043235553146515398896013463588"], "threshold":0.9}, "id":"ASB-A-279766766-c31ce1f6", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/aac/+/451762ca48e7fb30a0ce77a8962813a3419ec420", "target":{"file":"libSBRdec/src/lpp_tran.h"}}]}}, {"package":{"name":"platform/external/aac", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2023-08-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/aac/+/173576b2b39083c425f0ca37382a047b6ca3b524"], "severity":"Critical", "spl":"2023-08-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["137485364397329512956617123630598953062", "319734127269816074276009054291440914706", "142184391661538065296615672940683793507", "205803596976412131032451772469158635915", "95337811043235553146515398896013463588"], "threshold":0.9}, "id":"ASB-A-279766766-e6b2c014", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/aac/+/173576b2b39083c425f0ca37382a047b6ca3b524", "target":{"file":"libSBRdec/src/lpp_tran.h"}}]}}, {"package":{"name":"platform/external/aac", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2023-08-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/aac/+/cd6f2198617dcfbdeeb08e2cb2d36046659291c7"], "severity":"Critical", "spl":"2023-08-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["137485364397329512956617123630598953062", "319734127269816074276009054291440914706", "142184391661538065296615672940683793507", "205803596976412131032451772469158635915", "95337811043235553146515398896013463588"], "threshold":0.9}, "id":"ASB-A-279766766-d57aac14", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/aac/+/cd6f2198617dcfbdeeb08e2cb2d36046659291c7", "target":{"file":"libSBRdec/src/lpp_tran.h"}}]}}, {"package":{"name":"platform/external/aac", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-08-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/aac/+/2f8c08a4e7b228a55e4c89f0931069de8eda2df6"], "severity":"Critical", "spl":"2023-08-01", "types":["RCE"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["137485364397329512956617123630598953062", "319734127269816074276009054291440914706", "142184391661538065296615672940683793507", "205803596976412131032451772469158635915", "95337811043235553146515398896013463588"], "threshold":0.9}, "id":"ASB-A-279766766-48ed2978", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/aac/+/2f8c08a4e7b228a55e4c89f0931069de8eda2df6", "target":{"file":"libSBRdec/src/lpp_tran.h"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-08-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/external/aac/+/4242f97d149b0bf0cd96f00cd1e9d30d5922cd46"}]}