{"id":"ASB-A-150160041","details":"In Parse_insh of eas_mdls.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote information disclosure in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation.","aliases":["A-150160041","CVE-2020-0385"],"modified":"2026-05-22T15:55:21.353668239Z","published":"2020-09-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2020-09-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559"}],"affected":[{"package":{"name":"platform/external/sonivox","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.0:0"},{"fixed":"8.0:2020-09-01"}]}],"versions":["8.0"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559"],"vanir_signatures":[{"id":"ASB-A-150160041-58ae45fb","deprecated":false,"target":{"file":"arm-wt-22k/lib_src/eas_mdls.c"},"source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["181829900119039477748077015636613502105","275044922620282737198137493696043620510","161414357728343601533595728216280844945","225226006498603879136487070114940970175","327898272321048511827431997499515651495","195343915250230334822997243566450755159","40372055926465743164709369153025518287","28868159654609936766653126901200468324","80578402922742619994225376658138454899","162651561295090071018388869952279649115","223672488514811391834808779992673668364","76241524776169937808472891474266439374","168400085527804080727041962341408644038","52835498832227710783626282201795988401"]},"signature_type":"Line"},{"deprecated":false,"target":{"file":"arm-wt-22k/lib_src/eas_mdls.c","function":"Parse_lrgn"},"source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","signature_version":"v1","id":"ASB-A-150160041-8d90d204","digest":{"function_hash":"314843587702427684691367451123225988324","length":824},"signature_type":"Function"},{"deprecated":false,"target":{"file":"arm-wt-22k/lib_src/eas_mdls.c","function":"Parse_rgn"},"source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","signature_version":"v1","id":"ASB-A-150160041-c45fd484","digest":{"function_hash":"169242754845313623448940926297571908202","length":2457},"signature_type":"Function"},{"deprecated":false,"target":{"file":"arm-wt-22k/lib_src/eas_mdls.c","function":"Parse_ptbl"},"source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","signature_version":"v1","id":"ASB-A-150160041-e5c73c75","digest":{"function_hash":"70004419322198664562718789362116696242","length":1088},"signature_type":"Function"},{"deprecated":false,"target":{"file":"arm-wt-22k/lib_src/eas_mdls.c","function":"Parse_lins"},"source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","signature_version":"v1","id":"ASB-A-150160041-ed4b0499","digest":{"length":520,"function_hash":"225007498631071085808511661137921002709"},"signature_type":"Function"}],"types":["ID"],"spl":"2020-09-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-150160041.json"}},{"package":{"name":"platform/external/sonivox","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.1:0"},{"fixed":"8.1:2020-09-01"}]}],"versions":["8.1"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559"],"vanir_signatures":[{"id":"ASB-A-150160041-2d2286a7","deprecated":false,"target":{"file":"arm-wt-22k/lib_src/eas_mdls.c","function":"Parse_lrgn"},"source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","signature_version":"v1","digest":{"function_hash":"314843587702427684691367451123225988324","length":824},"signature_type":"Function"},{"target":{"file":"arm-wt-22k/lib_src/eas_mdls.c","function":"Parse_lins"},"source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","signature_version":"v1","id":"ASB-A-150160041-87e05c9b","deprecated":false,"digest":{"function_hash":"225007498631071085808511661137921002709","length":520},"signature_type":"Function"},{"target":{"file":"arm-wt-22k/lib_src/eas_mdls.c","function":"Parse_ptbl"},"source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","signature_version":"v1","id":"ASB-A-150160041-9b8d484c","deprecated":false,"digest":{"length":1088,"function_hash":"70004419322198664562718789362116696242"},"signature_type":"Function"},{"deprecated":false,"target":{"file":"arm-wt-22k/lib_src/eas_mdls.c","function":"Parse_rgn"},"source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","signature_version":"v1","id":"ASB-A-150160041-cdd04551","digest":{"function_hash":"169242754845313623448940926297571908202","length":2457},"signature_type":"Function"},{"id":"ASB-A-150160041-d8fc508b","deprecated":false,"target":{"file":"arm-wt-22k/lib_src/eas_mdls.c"},"source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["181829900119039477748077015636613502105","275044922620282737198137493696043620510","161414357728343601533595728216280844945","225226006498603879136487070114940970175","327898272321048511827431997499515651495","195343915250230334822997243566450755159","40372055926465743164709369153025518287","28868159654609936766653126901200468324","80578402922742619994225376658138454899","162651561295090071018388869952279649115","223672488514811391834808779992673668364","76241524776169937808472891474266439374","168400085527804080727041962341408644038","52835498832227710783626282201795988401"]},"signature_type":"Line"}],"types":["ID"],"spl":"2020-09-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-150160041.json"}},{"package":{"name":"platform/external/sonivox","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"9:0"},{"fixed":"9:2020-09-01"}]}],"versions":["9"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559"],"spl":"2020-09-01","types":["ID"],"vanir_signatures":[{"deprecated":false,"target":{"file":"arm-wt-22k/lib_src/eas_mdls.c"},"source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","signature_version":"v1","id":"ASB-A-150160041-1e8d10d3","digest":{"threshold":0.9,"line_hashes":["181829900119039477748077015636613502105","275044922620282737198137493696043620510","161414357728343601533595728216280844945","225226006498603879136487070114940970175","327898272321048511827431997499515651495","195343915250230334822997243566450755159","40372055926465743164709369153025518287","28868159654609936766653126901200468324","80578402922742619994225376658138454899","162651561295090071018388869952279649115","223672488514811391834808779992673668364","76241524776169937808472891474266439374","168400085527804080727041962341408644038","52835498832227710783626282201795988401"]},"signature_type":"Line"},{"target":{"file":"arm-wt-22k/lib_src/eas_mdls.c","function":"Parse_ptbl"},"source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","signature_version":"v1","id":"ASB-A-150160041-235b8be9","deprecated":false,"digest":{"function_hash":"70004419322198664562718789362116696242","length":1088},"signature_type":"Function"},{"signature_version":"v1","id":"ASB-A-150160041-4d407517","deprecated":false,"target":{"file":"arm-wt-22k/lib_src/eas_mdls.c","function":"Parse_rgn"},"source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","digest":{"function_hash":"169242754845313623448940926297571908202","length":2457},"signature_type":"Function"},{"id":"ASB-A-150160041-701318ab","deprecated":false,"target":{"file":"arm-wt-22k/lib_src/eas_mdls.c","function":"Parse_lrgn"},"source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","signature_version":"v1","digest":{"function_hash":"314843587702427684691367451123225988324","length":824},"signature_type":"Function"},{"id":"ASB-A-150160041-b466f188","deprecated":false,"target":{"file":"arm-wt-22k/lib_src/eas_mdls.c","function":"Parse_lins"},"source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","signature_version":"v1","digest":{"length":520,"function_hash":"225007498631071085808511661137921002709"},"signature_type":"Function"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-150160041.json"}},{"package":{"name":"platform/external/sonivox","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2020-09-01"}]}],"versions":["10"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","signature_version":"v1","id":"ASB-A-150160041-2f45d6ab","deprecated":false,"target":{"file":"arm-wt-22k/lib_src/eas_mdls.c"},"digest":{"threshold":0.9,"line_hashes":["181829900119039477748077015636613502105","275044922620282737198137493696043620510","161414357728343601533595728216280844945","225226006498603879136487070114940970175","327898272321048511827431997499515651495","195343915250230334822997243566450755159","40372055926465743164709369153025518287","28868159654609936766653126901200468324","80578402922742619994225376658138454899","162651561295090071018388869952279649115","223672488514811391834808779992673668364","76241524776169937808472891474266439374","168400085527804080727041962341408644038","52835498832227710783626282201795988401"]},"signature_type":"Line"},{"signature_version":"v1","id":"ASB-A-150160041-5ba8606c","deprecated":false,"target":{"file":"arm-wt-22k/lib_src/eas_mdls.c","function":"Parse_ptbl"},"source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","digest":{"length":1088,"function_hash":"70004419322198664562718789362116696242"},"signature_type":"Function"},{"id":"ASB-A-150160041-645f2c13","deprecated":false,"target":{"file":"arm-wt-22k/lib_src/eas_mdls.c","function":"Parse_rgn"},"source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","signature_version":"v1","digest":{"length":2457,"function_hash":"169242754845313623448940926297571908202"},"signature_type":"Function"},{"id":"ASB-A-150160041-b55dbc92","deprecated":false,"target":{"file":"arm-wt-22k/lib_src/eas_mdls.c","function":"Parse_lrgn"},"source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","signature_version":"v1","digest":{"length":824,"function_hash":"314843587702427684691367451123225988324"},"signature_type":"Function"},{"target":{"file":"arm-wt-22k/lib_src/eas_mdls.c","function":"Parse_lins"},"source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","signature_version":"v1","id":"ASB-A-150160041-d1c34010","deprecated":false,"digest":{"length":520,"function_hash":"225007498631071085808511661137921002709"},"signature_type":"Function"}],"types":["ID"],"spl":"2020-09-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-150160041.json"}}],"schema_version":"1.7.5"}