{"id":"ASB-A-134155286","details":"In parseNextBox of IsoInterface.java, there is a possible leak of unredacted location information due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.","aliases":["A-134155286","CVE-2021-0340"],"modified":"2026-04-17T15:55:28.020024Z","published":"2021-02-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2021-02-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/f44d9bc12acec4e7ad42b441817a99bd2223d062"}],"affected":[{"package":{"name":"platform/packages/providers/MediaProvider","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2021-02-01"}]}],"versions":["10"],"ecosystem_specific":{"types":["EoP"],"spl":"2021-02-01","fixes":["https://android.googlesource.com/platform/packages/providers/MediaProvider/+/f44d9bc12acec4e7ad42b441817a99bd2223d062"],"severity":"High","vanir_signatures":[{"digest":{"length":259,"function_hash":"292035518786695679611601214141772954645"},"signature_type":"Function","target":{"file":"src/com/android/providers/media/util/IsoInterface.java","function":"getBoxRanges"},"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/f44d9bc12acec4e7ad42b441817a99bd2223d062","signature_version":"v1","id":"ASB-A-134155286-0543be66","deprecated":false},{"digest":{"length":322,"function_hash":"279875244508214158471090146322426083267"},"signature_type":"Function","target":{"file":"src/com/android/providers/media/util/IsoInterface.java","function":"getBoxRanges"},"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/f44d9bc12acec4e7ad42b441817a99bd2223d062","signature_version":"v1","id":"ASB-A-134155286-6b3a7250","deprecated":false},{"digest":{"line_hashes":["268228758324390843414162383629943262667","106338333825327345674694979215745296474","20617389075434722900938900761281305537","307848035738450406711454791370038662582","175365076456104223585458988653860681284","106849254300876817969330532508216580060","201546203449102052165792626115078039333","167652294591899820989795277070630001617","39529703296118730778687213854969934619","176259973595900665236849395181218608677","277041973508598932975667832005386779268","48595783937967688938337794653923676855","78631325385833800313975208451133506107","35660118512784878135574227569014596835","6174244611368907474923183998748343973","317168480241663186866395844170933289051","331892373634461526138033623284446318558","228040401130877982012432210847814486485","41984686234759110752386392470932845580","317577682397241759969128330488387233015","91663297808789087512723682423054076623","179914996054761131219628305468329028875","340071206681421262920555336381456713881","61132471900648225448498102710330067631","142634712158492898982632769578073260442","109679768470731038603863163077077217636","280402400331865991295527157519095904636","56688264451942779458275246892433730335","149853932559917961143732516947134051502","42088633993235300641377534467577896743","182242129488127606159270642858688186339","121388775180067699925999175033912648291","238729589240195187320018869417974569586","124583692822165832255441251201059865490","292862642233992591664682773388325806668","229234917573231479241246948638286275894","63843711104405186234463960877396894794","230814030703340725493856260296889839429","90390447539797438512567815924724813641","55943645370655447664463134085379305613","142170747817581839761482439530223542203","45890547343712454070374101585998039162","91677465009324693598163393623193498379","44725737040032930672509640592668051356","33149591675479828298259234679611297004"],"threshold":0.9},"signature_type":"Line","target":{"file":"src/com/android/providers/media/util/IsoInterface.java"},"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/f44d9bc12acec4e7ad42b441817a99bd2223d062","signature_version":"v1","id":"ASB-A-134155286-6e20908c","deprecated":false},{"digest":{"length":1409,"function_hash":"311809117040377395518855713665076758187"},"signature_type":"Function","target":{"file":"src/com/android/providers/media/util/IsoInterface.java","function":"parseNextBox"},"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/f44d9bc12acec4e7ad42b441817a99bd2223d062","signature_version":"v1","id":"ASB-A-134155286-fc7098be","deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-134155286.json"}},{"package":{"name":"platform/packages/providers/MediaProvider","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2021-02-01"}]}],"versions":["11"],"ecosystem_specific":{"types":["EoP"],"spl":"2021-02-01","fixes":["https://android.googlesource.com/platform/packages/providers/MediaProvider/+/f44d9bc12acec4e7ad42b441817a99bd2223d062"],"severity":"High","vanir_signatures":[{"digest":{"line_hashes":["268228758324390843414162383629943262667","106338333825327345674694979215745296474","20617389075434722900938900761281305537","307848035738450406711454791370038662582","175365076456104223585458988653860681284","106849254300876817969330532508216580060","201546203449102052165792626115078039333","167652294591899820989795277070630001617","39529703296118730778687213854969934619","176259973595900665236849395181218608677","277041973508598932975667832005386779268","48595783937967688938337794653923676855","78631325385833800313975208451133506107","35660118512784878135574227569014596835","6174244611368907474923183998748343973","317168480241663186866395844170933289051","331892373634461526138033623284446318558","228040401130877982012432210847814486485","41984686234759110752386392470932845580","317577682397241759969128330488387233015","91663297808789087512723682423054076623","179914996054761131219628305468329028875","340071206681421262920555336381456713881","61132471900648225448498102710330067631","142634712158492898982632769578073260442","109679768470731038603863163077077217636","280402400331865991295527157519095904636","56688264451942779458275246892433730335","149853932559917961143732516947134051502","42088633993235300641377534467577896743","182242129488127606159270642858688186339","121388775180067699925999175033912648291","238729589240195187320018869417974569586","124583692822165832255441251201059865490","292862642233992591664682773388325806668","229234917573231479241246948638286275894","63843711104405186234463960877396894794","230814030703340725493856260296889839429","90390447539797438512567815924724813641","55943645370655447664463134085379305613","142170747817581839761482439530223542203","45890547343712454070374101585998039162","91677465009324693598163393623193498379","44725737040032930672509640592668051356","33149591675479828298259234679611297004"],"threshold":0.9},"signature_type":"Line","target":{"file":"src/com/android/providers/media/util/IsoInterface.java"},"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/f44d9bc12acec4e7ad42b441817a99bd2223d062","signature_version":"v1","id":"ASB-A-134155286-013d5d77","deprecated":false},{"digest":{"length":259,"function_hash":"292035518786695679611601214141772954645"},"signature_type":"Function","target":{"file":"src/com/android/providers/media/util/IsoInterface.java","function":"getBoxRanges"},"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/f44d9bc12acec4e7ad42b441817a99bd2223d062","signature_version":"v1","id":"ASB-A-134155286-2fdbcc70","deprecated":false},{"digest":{"length":1409,"function_hash":"311809117040377395518855713665076758187"},"signature_type":"Function","target":{"file":"src/com/android/providers/media/util/IsoInterface.java","function":"parseNextBox"},"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/f44d9bc12acec4e7ad42b441817a99bd2223d062","signature_version":"v1","id":"ASB-A-134155286-6deda4dc","deprecated":false},{"digest":{"length":322,"function_hash":"279875244508214158471090146322426083267"},"signature_type":"Function","target":{"file":"src/com/android/providers/media/util/IsoInterface.java","function":"getBoxRanges"},"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/f44d9bc12acec4e7ad42b441817a99bd2223d062","signature_version":"v1","id":"ASB-A-134155286-946f0e1d","deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-134155286.json"}}],"schema_version":"1.7.5"}