{"id":"ASB-A-156261521","details":"In DecodeImage of dng_lossless_jpeg.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-156261521","CVE-2020-9589"],"modified":"2026-05-27T15:53:17.428190120Z","published":"2020-07-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2020-07-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/external/dng_sdk/+/2e8f1f0dc5ca3db8a7035938752dd230608e17ab"}],"affected":[{"package":{"name":"platform/external/dng_sdk","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.0:0"},{"fixed":"8.0:2020-07-01"}]}],"versions":["8.0"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/dng_sdk/+/2e8f1f0dc5ca3db8a7035938752dd230608e17ab"],"types":["RCE"],"spl":"2020-07-01","vanir_signatures":[{"deprecated":false,"digest":{"length":6181,"function_hash":"180510715832732769607719343413710777778"},"target":{"function":"dng_lossless_decoder::DecodeImage","file":"source/dng_lossless_jpeg.cpp"},"signature_type":"Function","signature_version":"v1","id":"ASB-A-156261521-62f69bff","source":"https://android.googlesource.com/platform/external/dng_sdk/+/2e8f1f0dc5ca3db8a7035938752dd230608e17ab"},{"deprecated":false,"digest":{"line_hashes":["338554970343322564839010616178851819475","272801659105549350411196054700854906472","303090388783411386435420216672599638637","294107852618224583307778245909416294284","125410299025336720060653319086340062376","336086589352344085007594008884552648507","270397854735675837248995337445782121898","118923780271866762159005859156406164515"],"threshold":0.9},"target":{"file":"source/dng_lossless_jpeg.cpp"},"signature_type":"Line","signature_version":"v1","id":"ASB-A-156261521-ebfa2999","source":"https://android.googlesource.com/platform/external/dng_sdk/+/2e8f1f0dc5ca3db8a7035938752dd230608e17ab"}],"severity":"Critical"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-156261521.json"}},{"package":{"name":"platform/external/dng_sdk","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.1:0"},{"fixed":"8.1:2020-07-01"}]}],"versions":["8.1"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/dng_sdk/+/2e8f1f0dc5ca3db8a7035938752dd230608e17ab"],"types":["RCE"],"spl":"2020-07-01","vanir_signatures":[{"target":{"function":"dng_lossless_decoder::DecodeImage","file":"source/dng_lossless_jpeg.cpp"},"digest":{"length":6181,"function_hash":"180510715832732769607719343413710777778"},"deprecated":false,"signature_type":"Function","signature_version":"v1","id":"ASB-A-156261521-13caca87","source":"https://android.googlesource.com/platform/external/dng_sdk/+/2e8f1f0dc5ca3db8a7035938752dd230608e17ab"},{"deprecated":false,"digest":{"line_hashes":["338554970343322564839010616178851819475","272801659105549350411196054700854906472","303090388783411386435420216672599638637","294107852618224583307778245909416294284","125410299025336720060653319086340062376","336086589352344085007594008884552648507","270397854735675837248995337445782121898","118923780271866762159005859156406164515"],"threshold":0.9},"target":{"file":"source/dng_lossless_jpeg.cpp"},"signature_type":"Line","signature_version":"v1","id":"ASB-A-156261521-349cc174","source":"https://android.googlesource.com/platform/external/dng_sdk/+/2e8f1f0dc5ca3db8a7035938752dd230608e17ab"}],"severity":"Critical"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-156261521.json"}},{"package":{"name":"platform/external/dng_sdk","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"9:0"},{"fixed":"9:2020-07-01"}]}],"versions":["9"],"ecosystem_specific":{"spl":"2020-07-01","fixes":["https://android.googlesource.com/platform/external/dng_sdk/+/2e8f1f0dc5ca3db8a7035938752dd230608e17ab"],"types":["RCE"],"vanir_signatures":[{"deprecated":false,"digest":{"line_hashes":["338554970343322564839010616178851819475","272801659105549350411196054700854906472","303090388783411386435420216672599638637","294107852618224583307778245909416294284","125410299025336720060653319086340062376","336086589352344085007594008884552648507","270397854735675837248995337445782121898","118923780271866762159005859156406164515"],"threshold":0.9},"target":{"file":"source/dng_lossless_jpeg.cpp"},"signature_type":"Line","signature_version":"v1","id":"ASB-A-156261521-64f966aa","source":"https://android.googlesource.com/platform/external/dng_sdk/+/2e8f1f0dc5ca3db8a7035938752dd230608e17ab"},{"deprecated":false,"digest":{"length":6181,"function_hash":"180510715832732769607719343413710777778"},"target":{"function":"dng_lossless_decoder::DecodeImage","file":"source/dng_lossless_jpeg.cpp"},"signature_type":"Function","signature_version":"v1","id":"ASB-A-156261521-fa771a0e","source":"https://android.googlesource.com/platform/external/dng_sdk/+/2e8f1f0dc5ca3db8a7035938752dd230608e17ab"}],"severity":"Critical"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-156261521.json"}},{"package":{"name":"platform/external/dng_sdk","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2020-07-01"}]}],"versions":["10"],"ecosystem_specific":{"types":["RCE"],"spl":"2020-07-01","fixes":["https://android.googlesource.com/platform/external/dng_sdk/+/2e8f1f0dc5ca3db8a7035938752dd230608e17ab"],"vanir_signatures":[{"deprecated":false,"digest":{"line_hashes":["338554970343322564839010616178851819475","272801659105549350411196054700854906472","303090388783411386435420216672599638637","294107852618224583307778245909416294284","125410299025336720060653319086340062376","336086589352344085007594008884552648507","270397854735675837248995337445782121898","118923780271866762159005859156406164515"],"threshold":0.9},"target":{"file":"source/dng_lossless_jpeg.cpp"},"signature_type":"Line","signature_version":"v1","id":"ASB-A-156261521-3d0dd9b4","source":"https://android.googlesource.com/platform/external/dng_sdk/+/2e8f1f0dc5ca3db8a7035938752dd230608e17ab"},{"deprecated":false,"digest":{"length":6181,"function_hash":"180510715832732769607719343413710777778"},"target":{"function":"dng_lossless_decoder::DecodeImage","file":"source/dng_lossless_jpeg.cpp"},"signature_type":"Function","signature_version":"v1","id":"ASB-A-156261521-efa79fb8","source":"https://android.googlesource.com/platform/external/dng_sdk/+/2e8f1f0dc5ca3db8a7035938752dd230608e17ab"}],"severity":"Critical"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-156261521.json"}}],"schema_version":"1.7.5"}