{"id":"ASB-A-300476626", "published":"2024-01-01T00:00:00Z", "modified":"2026-04-29T15:10:00.007170452Z", "aliases":["CVE-2024-0018", "A-300476626"], "details":"In convertYUV420Planar16ToY410 of ColorConverter.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14-next:0"}, {"fixed":"14-next:2024-01-01"}]}], "versions":["14-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/de2ad0fad97d6d97d1e01f0e8d8309536eb268b4"], "severity":"High", "spl":"2024-01-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"310341208956179683334654377453475759995", "length":2217}, "id":"ASB-A-300476626-a6c400d2", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/de2ad0fad97d6d97d1e01f0e8d8309536eb268b4", "target":{"file":"media/libstagefright/colorconversion/ColorConverter.cpp", "function":"ColorConverter::convertYUV420Planar16ToY410"}}, {"deprecated":false, "digest":{"line_hashes":["237642773140770629223374241640798591635", "163457611276205963244446981627721032515", "74910921736916105675720479610668199226", "270923727061087968670322124290773998805"], "threshold":0.9}, "id":"ASB-A-300476626-f5a6ac55", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/de2ad0fad97d6d97d1e01f0e8d8309536eb268b4", "target":{"file":"media/libstagefright/colorconversion/ColorConverter.cpp"}}]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2024-01-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/aa8298ec8eb903e1e3dd915fa24f32e1aea1f76c"], "severity":"High", "spl":"2024-01-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["237642773140770629223374241640798591635", "163457611276205963244446981627721032515", "74910921736916105675720479610668199226", "270923727061087968670322124290773998805"], "threshold":0.9}, "id":"ASB-A-300476626-2fa9ba6e", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/aa8298ec8eb903e1e3dd915fa24f32e1aea1f76c", "target":{"file":"media/libstagefright/colorconversion/ColorConverter.cpp"}}, {"deprecated":false, "digest":{"function_hash":"310341208956179683334654377453475759995", "length":2217}, "id":"ASB-A-300476626-acfcebc1", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/aa8298ec8eb903e1e3dd915fa24f32e1aea1f76c", "target":{"file":"media/libstagefright/colorconversion/ColorConverter.cpp", "function":"ColorConverter::convertYUV420Planar16ToY410"}}]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2024-01-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/aa8298ec8eb903e1e3dd915fa24f32e1aea1f76c"], "severity":"High", "spl":"2024-01-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"310341208956179683334654377453475759995", "length":2217}, "id":"ASB-A-300476626-58c836e3", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/aa8298ec8eb903e1e3dd915fa24f32e1aea1f76c", "target":{"file":"media/libstagefright/colorconversion/ColorConverter.cpp", "function":"ColorConverter::convertYUV420Planar16ToY410"}}, {"deprecated":false, "digest":{"line_hashes":["237642773140770629223374241640798591635", "163457611276205963244446981627721032515", "74910921736916105675720479610668199226", "270923727061087968670322124290773998805"], "threshold":0.9}, "id":"ASB-A-300476626-5ac49bf9", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/aa8298ec8eb903e1e3dd915fa24f32e1aea1f76c", "target":{"file":"media/libstagefright/colorconversion/ColorConverter.cpp"}}]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2024-01-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/aa8298ec8eb903e1e3dd915fa24f32e1aea1f76c"], "severity":"High", "spl":"2024-01-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"310341208956179683334654377453475759995", "length":2217}, "id":"ASB-A-300476626-4dc6befc", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/aa8298ec8eb903e1e3dd915fa24f32e1aea1f76c", "target":{"file":"media/libstagefright/colorconversion/ColorConverter.cpp", "function":"ColorConverter::convertYUV420Planar16ToY410"}}, {"deprecated":false, "digest":{"line_hashes":["237642773140770629223374241640798591635", "163457611276205963244446981627721032515", "74910921736916105675720479610668199226", "270923727061087968670322124290773998805"], "threshold":0.9}, "id":"ASB-A-300476626-cf2ff474", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/aa8298ec8eb903e1e3dd915fa24f32e1aea1f76c", "target":{"file":"media/libstagefright/colorconversion/ColorConverter.cpp"}}]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2024-01-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/aa8298ec8eb903e1e3dd915fa24f32e1aea1f76c"], "severity":"High", "spl":"2024-01-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"310341208956179683334654377453475759995", "length":2217}, "id":"ASB-A-300476626-6e28939b", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/aa8298ec8eb903e1e3dd915fa24f32e1aea1f76c", "target":{"file":"media/libstagefright/colorconversion/ColorConverter.cpp", "function":"ColorConverter::convertYUV420Planar16ToY410"}}, {"deprecated":false, "digest":{"line_hashes":["237642773140770629223374241640798591635", "163457611276205963244446981627721032515", "74910921736916105675720479610668199226", "270923727061087968670322124290773998805"], "threshold":0.9}, "id":"ASB-A-300476626-ac7c9d10", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/aa8298ec8eb903e1e3dd915fa24f32e1aea1f76c", "target":{"file":"media/libstagefright/colorconversion/ColorConverter.cpp"}}]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14:0"}, {"fixed":"14:2024-01-01"}]}], "versions":["14"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/aa8298ec8eb903e1e3dd915fa24f32e1aea1f76c"], "severity":"High", "spl":"2024-01-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"310341208956179683334654377453475759995", "length":2217}, "id":"ASB-A-300476626-2fd62a53", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/aa8298ec8eb903e1e3dd915fa24f32e1aea1f76c", "target":{"file":"media/libstagefright/colorconversion/ColorConverter.cpp", "function":"ColorConverter::convertYUV420Planar16ToY410"}}, {"deprecated":false, "digest":{"line_hashes":["237642773140770629223374241640798591635", "163457611276205963244446981627721032515", "74910921736916105675720479610668199226", "270923727061087968670322124290773998805"], "threshold":0.9}, "id":"ASB-A-300476626-69905d61", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/aa8298ec8eb903e1e3dd915fa24f32e1aea1f76c", "target":{"file":"media/libstagefright/colorconversion/ColorConverter.cpp"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2024-01-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/av/+/bf6406041919f67219fd1829438dda28845d4c23"}]}