{"id":"PUB-A-215212561", "published":"2022-06-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2022-20205", "A-215212561"], "details":"In isFileUri of FileUtil.java, there is a possible way to bypass the check for a file:// scheme due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/packages/apps/Messaging", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L-next:0"}, {"fixed":"12L-next:2022-06-01"}]}], "versions":["12L-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Messaging/+/ebc64c5bae620cb67808935b0fb61cf2cfce4a9c"], "severity":"Moderate", "spl":"2022-06-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["55151738822368162832341839954082388316", "158532543148131802520662100669517338349", "430341620960188749378931978653877775", "257116361882594476370450298514782839007"], "threshold":0.9}, "id":"PUB-A-215212561-14b8f296", "match_only_versions":["12L-next"], "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Messaging/+/ebc64c5bae620cb67808935b0fb61cf2cfce4a9c", "target":{"file":"src/com/android/messaging/util/ImageUtils.java"}}, {"deprecated":false, "digest":{"function_hash":"328102028242482894970860856334176688375", "length":1153}, "id":"PUB-A-215212561-542b68f1", "match_only_versions":["12L-next"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Messaging/+/ebc64c5bae620cb67808935b0fb61cf2cfce4a9c", "target":{"file":"src/com/android/messaging/util/ImageUtils.java", "function":"resizeGifImage"}}, {"deprecated":false, "digest":{"function_hash":"86737825198178567318258606714352033387", "length":202}, "id":"PUB-A-215212561-7fcc2b73", "match_only_versions":["12L-next"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Messaging/+/ebc64c5bae620cb67808935b0fb61cf2cfce4a9c", "target":{"file":"src/com/android/messaging/util/FileUtil.java", "function":"isInPrivateDir"}}, {"deprecated":false, "digest":{"function_hash":"279445365553651897327282062363648628144", "length":127}, "id":"PUB-A-215212561-971e8410", "match_only_versions":["12L-next"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Messaging/+/ebc64c5bae620cb67808935b0fb61cf2cfce4a9c", "target":{"file":"src/com/android/messaging/util/FileUtil.java", "function":"isFileUri"}}, {"deprecated":false, "digest":{"line_hashes":["301304605707105986568318815528801431508", "247194603926222060554680320145895243998", "145901796073728064701950275761276492152", "6369635545030450401114924997173265369", "232426966261262354398890034281368853349", "334385709999191821037257413146697906683", "98211686701115947148831535440844800138", "272619025638548499545829796009713234427", "91950206126483064770472477229327269451"], "threshold":0.9}, "id":"PUB-A-215212561-b21c21a6", "match_only_versions":["12L-next"], "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Messaging/+/ebc64c5bae620cb67808935b0fb61cf2cfce4a9c", "target":{"file":"src/com/android/messaging/mmslib/pdu/PduPersister.java"}}, {"deprecated":false, "digest":{"line_hashes":["278221800015042108510720358144854156099", "96926762268128381353059792894218726378", "133980779932545692079384517201769998087", "165637699960546409601489629862874630445", "52500540636834501652623066649234039648", "338473651741458288321596832034434836563", "221349403753932766943465425292837114063", "251803775468755073494165601775336491475"], "threshold":0.9}, "id":"PUB-A-215212561-bccd8ddc", "match_only_versions":["12L-next"], "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Messaging/+/ebc64c5bae620cb67808935b0fb61cf2cfce4a9c", "target":{"file":"src/com/android/messaging/util/FileUtil.java"}}, {"deprecated":false, "digest":{"function_hash":"129045183642100473667765870766515312170", "length":1122}, "id":"PUB-A-215212561-c1ef1f80", "match_only_versions":["12L-next"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Messaging/+/ebc64c5bae620cb67808935b0fb61cf2cfce4a9c", "target":{"file":"src/com/android/messaging/mmslib/pdu/PduPersister.java", "function":"convertUriToPath"}}]}}, {"package":{"name":"platform/packages/apps/Messaging", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2022-06-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Messaging/+/27e27d944b4e923ca9b81e7fdd6744f94cebb508"], "severity":"Moderate", "spl":"2022-06-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"129045183642100473667765870766515312170", "length":1122}, "id":"PUB-A-215212561-140999fa", "match_only_versions":["12L"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Messaging/+/27e27d944b4e923ca9b81e7fdd6744f94cebb508", "target":{"file":"src/com/android/messaging/mmslib/pdu/PduPersister.java", "function":"convertUriToPath"}}, {"deprecated":false, "digest":{"line_hashes":["55151738822368162832341839954082388316", "158532543148131802520662100669517338349", "430341620960188749378931978653877775", "257116361882594476370450298514782839007"], "threshold":0.9}, "id":"PUB-A-215212561-33ce77ba", "match_only_versions":["12L"], "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Messaging/+/27e27d944b4e923ca9b81e7fdd6744f94cebb508", "target":{"file":"src/com/android/messaging/util/ImageUtils.java"}}, {"deprecated":false, "digest":{"function_hash":"86737825198178567318258606714352033387", "length":202}, "id":"PUB-A-215212561-3d9c0bb9", "match_only_versions":["12L"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Messaging/+/27e27d944b4e923ca9b81e7fdd6744f94cebb508", "target":{"file":"src/com/android/messaging/util/FileUtil.java", "function":"isInPrivateDir"}}, {"deprecated":false, "digest":{"function_hash":"279445365553651897327282062363648628144", "length":127}, "id":"PUB-A-215212561-6b29dc16", "match_only_versions":["12L"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Messaging/+/27e27d944b4e923ca9b81e7fdd6744f94cebb508", "target":{"file":"src/com/android/messaging/util/FileUtil.java", "function":"isFileUri"}}, {"deprecated":false, "digest":{"function_hash":"328102028242482894970860856334176688375", "length":1153}, "id":"PUB-A-215212561-cb77d132", "match_only_versions":["12L"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Messaging/+/27e27d944b4e923ca9b81e7fdd6744f94cebb508", "target":{"file":"src/com/android/messaging/util/ImageUtils.java", "function":"resizeGifImage"}}, {"deprecated":false, "digest":{"line_hashes":["301304605707105986568318815528801431508", "247194603926222060554680320145895243998", "145901796073728064701950275761276492152", "6369635545030450401114924997173265369", "232426966261262354398890034281368853349", "334385709999191821037257413146697906683", "98211686701115947148831535440844800138", "272619025638548499545829796009713234427", "91950206126483064770472477229327269451"], "threshold":0.9}, "id":"PUB-A-215212561-cf8e7261", "match_only_versions":["12L"], "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Messaging/+/27e27d944b4e923ca9b81e7fdd6744f94cebb508", "target":{"file":"src/com/android/messaging/mmslib/pdu/PduPersister.java"}}, {"deprecated":false, "digest":{"line_hashes":["278221800015042108510720358144854156099", "96926762268128381353059792894218726378", "133980779932545692079384517201769998087", "165637699960546409601489629862874630445", "52500540636834501652623066649234039648", "338473651741458288321596832034434836563", "221349403753932766943465425292837114063", "251803775468755073494165601775336491475"], "threshold":0.9}, "id":"PUB-A-215212561-fce40473", "match_only_versions":["12L"], "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Messaging/+/27e27d944b4e923ca9b81e7fdd6744f94cebb508", "target":{"file":"src/com/android/messaging/util/FileUtil.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-06-01"}]}