{"id":"ASB-A-150160279","details":"In Parse_ins of eas_mdls.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure in the media extractor process with no additional execution privileges needed. User interaction is needed for exploitation.","aliases":["A-150160279","CVE-2020-0383"],"modified":"2026-04-24T15:37:38.793646Z","published":"2020-09-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2020-09-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559"}],"affected":[{"package":{"name":"platform/external/sonivox","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.0:0"},{"fixed":"8.0:2020-09-01"}]}],"versions":["8.0"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"deprecated":false,"target":{"file":"arm-wt-22k/lib_src/eas_mdls.c"},"id":"ASB-A-150160279-58ae45fb","signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","digest":{"line_hashes":["181829900119039477748077015636613502105","275044922620282737198137493696043620510","161414357728343601533595728216280844945","225226006498603879136487070114940970175","327898272321048511827431997499515651495","195343915250230334822997243566450755159","40372055926465743164709369153025518287","28868159654609936766653126901200468324","80578402922742619994225376658138454899","162651561295090071018388869952279649115","223672488514811391834808779992673668364","76241524776169937808472891474266439374","168400085527804080727041962341408644038","52835498832227710783626282201795988401"],"threshold":0.9}},{"deprecated":false,"target":{"function":"Parse_lrgn","file":"arm-wt-22k/lib_src/eas_mdls.c"},"id":"ASB-A-150160279-8d90d204","signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","digest":{"length":824,"function_hash":"314843587702427684691367451123225988324"}},{"deprecated":false,"target":{"function":"Parse_rgn","file":"arm-wt-22k/lib_src/eas_mdls.c"},"id":"ASB-A-150160279-c45fd484","signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","digest":{"length":2457,"function_hash":"169242754845313623448940926297571908202"}},{"deprecated":false,"target":{"function":"Parse_ptbl","file":"arm-wt-22k/lib_src/eas_mdls.c"},"id":"ASB-A-150160279-e5c73c75","signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","digest":{"length":1088,"function_hash":"70004419322198664562718789362116696242"}},{"deprecated":false,"target":{"function":"Parse_lins","file":"arm-wt-22k/lib_src/eas_mdls.c"},"id":"ASB-A-150160279-ed4b0499","signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","digest":{"length":520,"function_hash":"225007498631071085808511661137921002709"}}],"types":["ID"],"fixes":["https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559"],"spl":"2020-09-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-150160279.json"}},{"package":{"name":"platform/external/sonivox","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.1:0"},{"fixed":"8.1:2020-09-01"}]}],"versions":["8.1"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"deprecated":false,"target":{"function":"Parse_lrgn","file":"arm-wt-22k/lib_src/eas_mdls.c"},"id":"ASB-A-150160279-2d2286a7","signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","digest":{"length":824,"function_hash":"314843587702427684691367451123225988324"}},{"deprecated":false,"target":{"function":"Parse_lins","file":"arm-wt-22k/lib_src/eas_mdls.c"},"id":"ASB-A-150160279-87e05c9b","signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","digest":{"length":520,"function_hash":"225007498631071085808511661137921002709"}},{"deprecated":false,"target":{"function":"Parse_ptbl","file":"arm-wt-22k/lib_src/eas_mdls.c"},"id":"ASB-A-150160279-9b8d484c","signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","digest":{"length":1088,"function_hash":"70004419322198664562718789362116696242"}},{"deprecated":false,"target":{"function":"Parse_rgn","file":"arm-wt-22k/lib_src/eas_mdls.c"},"id":"ASB-A-150160279-cdd04551","signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","digest":{"length":2457,"function_hash":"169242754845313623448940926297571908202"}},{"deprecated":false,"target":{"file":"arm-wt-22k/lib_src/eas_mdls.c"},"id":"ASB-A-150160279-d8fc508b","signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","digest":{"line_hashes":["181829900119039477748077015636613502105","275044922620282737198137493696043620510","161414357728343601533595728216280844945","225226006498603879136487070114940970175","327898272321048511827431997499515651495","195343915250230334822997243566450755159","40372055926465743164709369153025518287","28868159654609936766653126901200468324","80578402922742619994225376658138454899","162651561295090071018388869952279649115","223672488514811391834808779992673668364","76241524776169937808472891474266439374","168400085527804080727041962341408644038","52835498832227710783626282201795988401"],"threshold":0.9}}],"types":["ID"],"fixes":["https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559"],"spl":"2020-09-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-150160279.json"}},{"package":{"name":"platform/external/sonivox","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"9:0"},{"fixed":"9:2020-09-01"}]}],"versions":["9"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"deprecated":false,"target":{"file":"arm-wt-22k/lib_src/eas_mdls.c"},"id":"ASB-A-150160279-1e8d10d3","signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","digest":{"line_hashes":["181829900119039477748077015636613502105","275044922620282737198137493696043620510","161414357728343601533595728216280844945","225226006498603879136487070114940970175","327898272321048511827431997499515651495","195343915250230334822997243566450755159","40372055926465743164709369153025518287","28868159654609936766653126901200468324","80578402922742619994225376658138454899","162651561295090071018388869952279649115","223672488514811391834808779992673668364","76241524776169937808472891474266439374","168400085527804080727041962341408644038","52835498832227710783626282201795988401"],"threshold":0.9}},{"deprecated":false,"target":{"function":"Parse_ptbl","file":"arm-wt-22k/lib_src/eas_mdls.c"},"id":"ASB-A-150160279-235b8be9","signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","digest":{"length":1088,"function_hash":"70004419322198664562718789362116696242"}},{"deprecated":false,"target":{"function":"Parse_rgn","file":"arm-wt-22k/lib_src/eas_mdls.c"},"id":"ASB-A-150160279-4d407517","signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","digest":{"length":2457,"function_hash":"169242754845313623448940926297571908202"}},{"deprecated":false,"target":{"function":"Parse_lrgn","file":"arm-wt-22k/lib_src/eas_mdls.c"},"id":"ASB-A-150160279-701318ab","signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","digest":{"length":824,"function_hash":"314843587702427684691367451123225988324"}},{"deprecated":false,"target":{"function":"Parse_lins","file":"arm-wt-22k/lib_src/eas_mdls.c"},"id":"ASB-A-150160279-b466f188","signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","digest":{"length":520,"function_hash":"225007498631071085808511661137921002709"}}],"types":["ID"],"fixes":["https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559"],"spl":"2020-09-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-150160279.json"}},{"package":{"name":"platform/external/sonivox","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2020-09-01"}]}],"versions":["10"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"deprecated":false,"target":{"file":"arm-wt-22k/lib_src/eas_mdls.c"},"id":"ASB-A-150160279-2f45d6ab","signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","digest":{"line_hashes":["181829900119039477748077015636613502105","275044922620282737198137493696043620510","161414357728343601533595728216280844945","225226006498603879136487070114940970175","327898272321048511827431997499515651495","195343915250230334822997243566450755159","40372055926465743164709369153025518287","28868159654609936766653126901200468324","80578402922742619994225376658138454899","162651561295090071018388869952279649115","223672488514811391834808779992673668364","76241524776169937808472891474266439374","168400085527804080727041962341408644038","52835498832227710783626282201795988401"],"threshold":0.9}},{"deprecated":false,"target":{"function":"Parse_ptbl","file":"arm-wt-22k/lib_src/eas_mdls.c"},"id":"ASB-A-150160279-5ba8606c","signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","digest":{"length":1088,"function_hash":"70004419322198664562718789362116696242"}},{"deprecated":false,"target":{"function":"Parse_rgn","file":"arm-wt-22k/lib_src/eas_mdls.c"},"id":"ASB-A-150160279-645f2c13","signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","digest":{"length":2457,"function_hash":"169242754845313623448940926297571908202"}},{"deprecated":false,"target":{"function":"Parse_lrgn","file":"arm-wt-22k/lib_src/eas_mdls.c"},"id":"ASB-A-150160279-b55dbc92","signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","digest":{"length":824,"function_hash":"314843587702427684691367451123225988324"}},{"deprecated":false,"target":{"function":"Parse_lins","file":"arm-wt-22k/lib_src/eas_mdls.c"},"id":"ASB-A-150160279-d1c34010","signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559","digest":{"length":520,"function_hash":"225007498631071085808511661137921002709"}}],"types":["ID"],"fixes":["https://android.googlesource.com/platform/external/sonivox/+/e689e94f3b7473497052e81d906a10a82407e559"],"spl":"2020-09-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-150160279.json"}}],"schema_version":"1.7.5"}