{"id":"ASB-A-194105348","details":"In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-194105348","CVE-2021-39623"],"modified":"2026-04-17T15:55:28.020024Z","published":"2022-01-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-01-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/av/+/5753afcd4c87f5566f4014cce1cbc8d767572331"}],"affected":[{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"9:0"},{"fixed":"9:2022-01-01"}]}],"versions":["9"],"ecosystem_specific":{"spl":"2022-01-01","vanir_signatures":[{"id":"ASB-A-194105348-a82dfb2a","digest":{"threshold":0.9,"line_hashes":["21298674559739522716663132558905044460","140943448012365925217150415395311434638","205320690314546211490075199087570849147","131635696419669003825077433962650953051","164285219222422202574875394355822091417","142882913612614449159423182020148538132","224833746896947474847330933807946234716","174583971568473067394717129364842239307","7130574876230588183313328964725597953","51815506638615233247756369101857361788","54391406247251276066504539965105774569","216848133821975927160624758625423966287","324917818042274525789830196672894660515"]},"source":"https://android.googlesource.com/platform/frameworks/av/+/f3590a1b18d8cde4ac1cbc135c1022816096438d","signature_type":"Line","deprecated":false,"target":{"file":"media/libstagefright/SimpleDecodingSource.cpp"},"signature_version":"v1"},{"id":"ASB-A-194105348-cad5bdf0","digest":{"function_hash":"255279066177423510200054408892820060812","length":4164},"source":"https://android.googlesource.com/platform/frameworks/av/+/f3590a1b18d8cde4ac1cbc135c1022816096438d","signature_type":"Function","deprecated":false,"target":{"function":"SimpleDecodingSource::doRead","file":"media/libstagefright/SimpleDecodingSource.cpp"},"signature_version":"v1"}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/av/+/f3590a1b18d8cde4ac1cbc135c1022816096438d"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-194105348.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2022-01-01"}]}],"versions":["10"],"ecosystem_specific":{"spl":"2022-01-01","vanir_signatures":[{"id":"ASB-A-194105348-8980819e","digest":{"function_hash":"255279066177423510200054408892820060812","length":4164},"source":"https://android.googlesource.com/platform/frameworks/av/+/f3590a1b18d8cde4ac1cbc135c1022816096438d","signature_type":"Function","deprecated":false,"target":{"function":"SimpleDecodingSource::doRead","file":"media/libstagefright/SimpleDecodingSource.cpp"},"signature_version":"v1"},{"id":"ASB-A-194105348-8b160cd4","digest":{"threshold":0.9,"line_hashes":["21298674559739522716663132558905044460","140943448012365925217150415395311434638","205320690314546211490075199087570849147","131635696419669003825077433962650953051","164285219222422202574875394355822091417","142882913612614449159423182020148538132","224833746896947474847330933807946234716","174583971568473067394717129364842239307","7130574876230588183313328964725597953","51815506638615233247756369101857361788","54391406247251276066504539965105774569","216848133821975927160624758625423966287","324917818042274525789830196672894660515"]},"source":"https://android.googlesource.com/platform/frameworks/av/+/f3590a1b18d8cde4ac1cbc135c1022816096438d","signature_type":"Line","deprecated":false,"target":{"file":"media/libstagefright/SimpleDecodingSource.cpp"},"signature_version":"v1"}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/av/+/f3590a1b18d8cde4ac1cbc135c1022816096438d"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-194105348.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-01-01"}]}],"versions":["11"],"ecosystem_specific":{"spl":"2022-01-01","vanir_signatures":[{"id":"ASB-A-194105348-142dd7d3","digest":{"threshold":0.9,"line_hashes":["21298674559739522716663132558905044460","140943448012365925217150415395311434638","205320690314546211490075199087570849147","131635696419669003825077433962650953051","164285219222422202574875394355822091417","142882913612614449159423182020148538132","224833746896947474847330933807946234716","174583971568473067394717129364842239307","7130574876230588183313328964725597953","51815506638615233247756369101857361788","54391406247251276066504539965105774569","216848133821975927160624758625423966287","324917818042274525789830196672894660515"]},"source":"https://android.googlesource.com/platform/frameworks/av/+/f3590a1b18d8cde4ac1cbc135c1022816096438d","signature_type":"Line","deprecated":false,"target":{"file":"media/libstagefright/SimpleDecodingSource.cpp"},"signature_version":"v1"},{"id":"ASB-A-194105348-d4ecfc36","digest":{"function_hash":"255279066177423510200054408892820060812","length":4164},"source":"https://android.googlesource.com/platform/frameworks/av/+/f3590a1b18d8cde4ac1cbc135c1022816096438d","signature_type":"Function","deprecated":false,"target":{"function":"SimpleDecodingSource::doRead","file":"media/libstagefright/SimpleDecodingSource.cpp"},"signature_version":"v1"}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/av/+/f3590a1b18d8cde4ac1cbc135c1022816096438d"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-194105348.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-01-01"}]}],"versions":["12"],"ecosystem_specific":{"spl":"2022-01-01","vanir_signatures":[{"id":"ASB-A-194105348-578e6cc5","digest":{"threshold":0.9,"line_hashes":["21298674559739522716663132558905044460","140943448012365925217150415395311434638","205320690314546211490075199087570849147","131635696419669003825077433962650953051","164285219222422202574875394355822091417","142882913612614449159423182020148538132","224833746896947474847330933807946234716","174583971568473067394717129364842239307","7130574876230588183313328964725597953","51815506638615233247756369101857361788","54391406247251276066504539965105774569","216848133821975927160624758625423966287","324917818042274525789830196672894660515"]},"source":"https://android.googlesource.com/platform/frameworks/av/+/f3590a1b18d8cde4ac1cbc135c1022816096438d","signature_type":"Line","deprecated":false,"target":{"file":"media/libstagefright/SimpleDecodingSource.cpp"},"signature_version":"v1"},{"id":"ASB-A-194105348-df1af815","digest":{"function_hash":"255279066177423510200054408892820060812","length":4164},"source":"https://android.googlesource.com/platform/frameworks/av/+/f3590a1b18d8cde4ac1cbc135c1022816096438d","signature_type":"Function","deprecated":false,"target":{"function":"SimpleDecodingSource::doRead","file":"media/libstagefright/SimpleDecodingSource.cpp"},"signature_version":"v1"}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/av/+/f3590a1b18d8cde4ac1cbc135c1022816096438d"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-194105348.json"}}],"schema_version":"1.7.5"}