{"id":"ASB-A-152496149","details":"In DecodeFrameCombinedMode of combined_decode.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.","aliases":["A-152496149","CVE-2020-0245"],"modified":"2026-05-25T16:46:24.913870386Z","published":"2020-09-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2020-09-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/av/+/b875a5fe0db2e2d4bf44746bb8ca4dc1e959925e"}],"affected":[{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.0:0"},{"fixed":"8.0:2020-09-01"}]}],"versions":["8.0"],"ecosystem_specific":{"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/av/+/b875a5fe0db2e2d4bf44746bb8ca4dc1e959925e","id":"ASB-A-152496149-58887e11","signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["334726445611040651805308518657547502328","302165643461263201211534998004767159937","226269220506570919067913862504097789007","207993031518915275674796219289714529616","61525047071483516889569781706181810859","70006150308981293561223273089275553736","256576577570968665084339381138057802861"],"threshold":0.9},"deprecated":false,"target":{"file":"media/libstagefright/codecs/m4v_h263/dec/src/vop.cpp"}},{"source":"https://android.googlesource.com/platform/frameworks/av/+/b875a5fe0db2e2d4bf44746bb8ca4dc1e959925e","id":"ASB-A-152496149-a3763bb8","signature_version":"v1","signature_type":"Function","digest":{"length":10648,"function_hash":"288748447126358271450202249967440015477"},"deprecated":false,"target":{"function":"DecodeVOLHeader","file":"media/libstagefright/codecs/m4v_h263/dec/src/vop.cpp"}}],"types":["RCE"],"severity":"Critical","fixes":["https://android.googlesource.com/platform/frameworks/av/+/b875a5fe0db2e2d4bf44746bb8ca4dc1e959925e"],"spl":"2020-09-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-152496149.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.1:0"},{"fixed":"8.1:2020-09-01"}]}],"versions":["8.1"],"ecosystem_specific":{"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/av/+/b875a5fe0db2e2d4bf44746bb8ca4dc1e959925e","id":"ASB-A-152496149-02beaeb9","signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["334726445611040651805308518657547502328","302165643461263201211534998004767159937","226269220506570919067913862504097789007","207993031518915275674796219289714529616","61525047071483516889569781706181810859","70006150308981293561223273089275553736","256576577570968665084339381138057802861"],"threshold":0.9},"deprecated":false,"target":{"file":"media/libstagefright/codecs/m4v_h263/dec/src/vop.cpp"}},{"source":"https://android.googlesource.com/platform/frameworks/av/+/b875a5fe0db2e2d4bf44746bb8ca4dc1e959925e","id":"ASB-A-152496149-deddc686","signature_version":"v1","signature_type":"Function","digest":{"length":10648,"function_hash":"288748447126358271450202249967440015477"},"deprecated":false,"target":{"function":"DecodeVOLHeader","file":"media/libstagefright/codecs/m4v_h263/dec/src/vop.cpp"}}],"types":["RCE"],"severity":"Critical","fixes":["https://android.googlesource.com/platform/frameworks/av/+/b875a5fe0db2e2d4bf44746bb8ca4dc1e959925e"],"spl":"2020-09-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-152496149.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"9:0"},{"fixed":"9:2020-09-01"}]}],"versions":["9"],"ecosystem_specific":{"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/av/+/b875a5fe0db2e2d4bf44746bb8ca4dc1e959925e","id":"ASB-A-152496149-21ce42d7","signature_version":"v1","signature_type":"Function","target":{"function":"DecodeVOLHeader","file":"media/libstagefright/codecs/m4v_h263/dec/src/vop.cpp"},"digest":{"length":10648,"function_hash":"288748447126358271450202249967440015477"},"deprecated":false},{"source":"https://android.googlesource.com/platform/frameworks/av/+/b875a5fe0db2e2d4bf44746bb8ca4dc1e959925e","id":"ASB-A-152496149-b385b279","signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["334726445611040651805308518657547502328","302165643461263201211534998004767159937","226269220506570919067913862504097789007","207993031518915275674796219289714529616","61525047071483516889569781706181810859","70006150308981293561223273089275553736","256576577570968665084339381138057802861"],"threshold":0.9},"deprecated":false,"target":{"file":"media/libstagefright/codecs/m4v_h263/dec/src/vop.cpp"}}],"types":["RCE"],"severity":"Critical","fixes":["https://android.googlesource.com/platform/frameworks/av/+/b875a5fe0db2e2d4bf44746bb8ca4dc1e959925e"],"spl":"2020-09-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-152496149.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2020-09-01"}]}],"versions":["10"],"ecosystem_specific":{"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/av/+/b875a5fe0db2e2d4bf44746bb8ca4dc1e959925e","id":"ASB-A-152496149-410df9d8","signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["334726445611040651805308518657547502328","302165643461263201211534998004767159937","226269220506570919067913862504097789007","207993031518915275674796219289714529616","61525047071483516889569781706181810859","70006150308981293561223273089275553736","256576577570968665084339381138057802861"],"threshold":0.9},"deprecated":false,"target":{"file":"media/libstagefright/codecs/m4v_h263/dec/src/vop.cpp"}},{"source":"https://android.googlesource.com/platform/frameworks/av/+/b875a5fe0db2e2d4bf44746bb8ca4dc1e959925e","id":"ASB-A-152496149-6720f5a7","signature_version":"v1","signature_type":"Function","digest":{"length":10648,"function_hash":"288748447126358271450202249967440015477"},"deprecated":false,"target":{"function":"DecodeVOLHeader","file":"media/libstagefright/codecs/m4v_h263/dec/src/vop.cpp"}}],"types":["ID"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/av/+/b875a5fe0db2e2d4bf44746bb8ca4dc1e959925e"],"spl":"2020-09-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-152496149.json"}}],"schema_version":"1.7.5"}