{"id":"ASB-A-158762825","details":"In sbrDecoder_AssignQmfChannels2SbrChannels of sbrdecoder.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.","aliases":["A-158762825","CVE-2020-0451"],"modified":"2026-04-28T15:17:37.552933Z","published":"2020-11-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2020-11-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/external/aac/+/ffff95538e9994d312ffdfbba94d88ed226ef7bf"}],"affected":[{"package":{"name":"platform/external/aac","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11-next:0"},{"fixed":"11-next:2020-11-01"}]}],"versions":["11-next"],"ecosystem_specific":{"vanir_signatures":[{"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/external/aac/+/b5dfe8f92dd94e91f8391a9dc3d1fa7b0415ece2","target":{"file":"libSBRdec/src/sbrdecoder.cpp"},"id":"ASB-A-158762825-1ff635f7","digest":{"threshold":0.9,"line_hashes":["142422467020648822547703441017879885274","228812615875260181430145982279368256482","176307174465814800197113886399607820925","69107727275503488440861565140721362218","255157361079938928212995141838126577939","160047525827657626340987409945053069165","187671612728043577690739855739978551429","330514005037872735567875913459891428879","220632705698356879282925434135269423181","140419493687440592138380646523291207659","33384198807420518707870173108725082983","270914430008454977006144661128034355017","24948692722044566004490151449656924695"]},"deprecated":false},{"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/external/aac/+/b5dfe8f92dd94e91f8391a9dc3d1fa7b0415ece2","target":{"function":"sbrDecoder_InitElement","file":"libSBRdec/src/sbrdecoder.cpp"},"id":"ASB-A-158762825-5bea0e10","digest":{"function_hash":"146558201018791035422978077567348319939","length":4310},"deprecated":false}],"types":["RCE"],"fixes":["https://android.googlesource.com/platform/external/aac/+/b5dfe8f92dd94e91f8391a9dc3d1fa7b0415ece2"],"spl":"2020-11-01","severity":"Critical"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-158762825.json"}},{"package":{"name":"platform/external/aac","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.0:0"},{"fixed":"8.0:2020-11-01"}]}],"versions":["8.0"],"ecosystem_specific":{"vanir_signatures":[{"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/external/aac/+/50aa5be38870319395ce2ef6f91543e6475e4b97","target":{"file":"libSBRdec/src/sbrdecoder.cpp"},"id":"ASB-A-158762825-00398924","digest":{"threshold":0.9,"line_hashes":["228812615875260181430145982279368256482","176307174465814800197113886399607820925","69107727275503488440861565140721362218","79144432237833794385995381888037130233","151815700922097067393703470540359404549","278065597791376900532215424183280781167","140608842562946831557655018490924436497"]},"deprecated":false},{"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/external/aac/+/50aa5be38870319395ce2ef6f91543e6475e4b97","target":{"function":"sbrDecoder_InitElement","file":"libSBRdec/src/sbrdecoder.cpp"},"id":"ASB-A-158762825-2f1e9a86","digest":{"function_hash":"236513874519966155411576035832073081180","length":3180},"deprecated":false}],"types":["RCE"],"fixes":["https://android.googlesource.com/platform/external/aac/+/50aa5be38870319395ce2ef6f91543e6475e4b97"],"spl":"2020-11-01","severity":"Critical"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-158762825.json"}},{"package":{"name":"platform/external/aac","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.1:0"},{"fixed":"8.1:2020-11-01"}]}],"versions":["8.1"],"ecosystem_specific":{"vanir_signatures":[{"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/external/aac/+/50aa5be38870319395ce2ef6f91543e6475e4b97","target":{"file":"libSBRdec/src/sbrdecoder.cpp"},"id":"ASB-A-158762825-4ee4b0a6","digest":{"threshold":0.9,"line_hashes":["228812615875260181430145982279368256482","176307174465814800197113886399607820925","69107727275503488440861565140721362218","79144432237833794385995381888037130233","151815700922097067393703470540359404549","278065597791376900532215424183280781167","140608842562946831557655018490924436497"]},"deprecated":false},{"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/external/aac/+/50aa5be38870319395ce2ef6f91543e6475e4b97","target":{"function":"sbrDecoder_InitElement","file":"libSBRdec/src/sbrdecoder.cpp"},"id":"ASB-A-158762825-933ebaa5","digest":{"function_hash":"236513874519966155411576035832073081180","length":3180},"deprecated":false}],"types":["RCE"],"fixes":["https://android.googlesource.com/platform/external/aac/+/50aa5be38870319395ce2ef6f91543e6475e4b97"],"spl":"2020-11-01","severity":"Critical"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-158762825.json"}},{"package":{"name":"platform/external/aac","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"9:0"},{"fixed":"9:2020-11-01"}]}],"versions":["9"],"ecosystem_specific":{"vanir_signatures":[{"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/external/aac/+/c516539a202b08cda8569a9e58c9dc6097450cbe","target":{"file":"libSBRdec/src/sbrdecoder.cpp"},"id":"ASB-A-158762825-1b2eed57","digest":{"threshold":0.9,"line_hashes":["228812615875260181430145982279368256482","176307174465814800197113886399607820925","69107727275503488440861565140721362218","255157361079938928212995141838126577939","160047525827657626340987409945053069165","187671612728043577690739855739978551429","330514005037872735567875913459891428879","220632705698356879282925434135269423181","140419493687440592138380646523291207659","33384198807420518707870173108725082983","270914430008454977006144661128034355017","24948692722044566004490151449656924695"]},"deprecated":false},{"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/external/aac/+/c516539a202b08cda8569a9e58c9dc6097450cbe","target":{"function":"sbrDecoder_InitElement","file":"libSBRdec/src/sbrdecoder.cpp"},"id":"ASB-A-158762825-ac20c550","digest":{"function_hash":"146558201018791035422978077567348319939","length":4310},"deprecated":false}],"types":["RCE"],"fixes":["https://android.googlesource.com/platform/external/aac/+/c516539a202b08cda8569a9e58c9dc6097450cbe"],"spl":"2020-11-01","severity":"Critical"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-158762825.json"}},{"package":{"name":"platform/external/aac","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2020-11-01"}]}],"versions":["10"],"ecosystem_specific":{"vanir_signatures":[{"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/external/aac/+/c516539a202b08cda8569a9e58c9dc6097450cbe","target":{"file":"libSBRdec/src/sbrdecoder.cpp"},"id":"ASB-A-158762825-039bdc40","digest":{"threshold":0.9,"line_hashes":["228812615875260181430145982279368256482","176307174465814800197113886399607820925","69107727275503488440861565140721362218","255157361079938928212995141838126577939","160047525827657626340987409945053069165","187671612728043577690739855739978551429","330514005037872735567875913459891428879","220632705698356879282925434135269423181","140419493687440592138380646523291207659","33384198807420518707870173108725082983","270914430008454977006144661128034355017","24948692722044566004490151449656924695"]},"deprecated":false},{"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/external/aac/+/c516539a202b08cda8569a9e58c9dc6097450cbe","target":{"function":"sbrDecoder_InitElement","file":"libSBRdec/src/sbrdecoder.cpp"},"id":"ASB-A-158762825-d403db16","digest":{"function_hash":"146558201018791035422978077567348319939","length":4310},"deprecated":false}],"types":["RCE"],"fixes":["https://android.googlesource.com/platform/external/aac/+/c516539a202b08cda8569a9e58c9dc6097450cbe"],"spl":"2020-11-01","severity":"Critical"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-158762825.json"}},{"package":{"name":"platform/external/aac","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2020-11-01"}]}],"versions":["11"],"ecosystem_specific":{"vanir_signatures":[{"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/external/aac/+/bb8f983bf36ee2ad8af6acebf4823a58060004ab","target":{"file":"libSBRdec/src/sbrdecoder.cpp"},"id":"ASB-A-158762825-2b030bdd","digest":{"threshold":0.9,"line_hashes":["142422467020648822547703441017879885274","228812615875260181430145982279368256482","176307174465814800197113886399607820925","69107727275503488440861565140721362218","255157361079938928212995141838126577939","160047525827657626340987409945053069165","187671612728043577690739855739978551429","330514005037872735567875913459891428879","220632705698356879282925434135269423181","140419493687440592138380646523291207659","33384198807420518707870173108725082983","270914430008454977006144661128034355017","24948692722044566004490151449656924695"]},"deprecated":false},{"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/external/aac/+/bb8f983bf36ee2ad8af6acebf4823a58060004ab","target":{"function":"sbrDecoder_InitElement","file":"libSBRdec/src/sbrdecoder.cpp"},"id":"ASB-A-158762825-90aa67b9","digest":{"function_hash":"146558201018791035422978077567348319939","length":4310},"deprecated":false}],"types":["RCE"],"fixes":["https://android.googlesource.com/platform/external/aac/+/bb8f983bf36ee2ad8af6acebf4823a58060004ab"],"spl":"2020-11-01","severity":"Critical"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-158762825.json"}}],"schema_version":"1.7.5"}