{"id":"ASB-A-195748381","details":"In doCropPhoto of PhotoSelectionHandler.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure of user's contacts with no additional execution privileges needed. User interaction is needed for exploitation.","aliases":["A-195748381","CVE-2021-0952"],"modified":"2026-04-17T15:55:28.020024Z","published":"2021-12-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2021-12-01"}],"affected":[{"package":{"name":"platform/packages/apps/Contacts","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"9:0"},{"fixed":"9:2021-12-01"}]}],"versions":["9"],"ecosystem_specific":{"types":["ID"],"severity":"High","fixes":["https://android.googlesource.com/platform/packages/apps/Contacts/+/8b19ca470847f5f77d5b2e5dd086aae9ad4ea389"],"vanir_signatures":[{"digest":{"length":1819,"function_hash":"33710228034365950587107242472375266098"},"source":"https://android.googlesource.com/platform/packages/apps/Contacts/+/8b19ca470847f5f77d5b2e5dd086aae9ad4ea389","signature_type":"Function","target":{"file":"src/com/android/contacts/activities/AttachPhotoActivity.java","function":"onActivityResult"},"deprecated":false,"signature_version":"v1","id":"ASB-A-195748381-130309fb"},{"digest":{"length":658,"function_hash":"314418117801851775801355691785811246598"},"source":"https://android.googlesource.com/platform/packages/apps/Contacts/+/8b19ca470847f5f77d5b2e5dd086aae9ad4ea389","signature_type":"Function","target":{"file":"src/com/android/contacts/detail/PhotoSelectionHandler.java","function":"doCropPhoto"},"deprecated":false,"signature_version":"v1","id":"ASB-A-195748381-150a3476"},{"digest":{"line_hashes":["297009647437187288351312534496057984541","38469369907873177461087543694196245761","321415984954187660629236682543188182871","272054503843800643377983096657675118706","211243339119699819273234614350551707603","230090811574423055686942903894849481240","180186510685095853057110917444232057232","102675008360826615964887147173645430316","18201849733337273009001638995212369039","309206389203258398850708434217568906961","103651622964447416465088003270726011314","160887830718248784768962514539007960381","35995487625435595485094658060379210616","75986618999617851885806937119284027442","261279452738273431249761987130227645760"],"threshold":0.9},"source":"https://android.googlesource.com/platform/packages/apps/Contacts/+/8b19ca470847f5f77d5b2e5dd086aae9ad4ea389","signature_type":"Line","target":{"file":"src/com/android/contacts/detail/PhotoSelectionHandler.java"},"deprecated":false,"signature_version":"v1","id":"ASB-A-195748381-747d2d82"},{"digest":{"length":173,"function_hash":"179677790373120952691248773781147594472"},"source":"https://android.googlesource.com/platform/packages/apps/Contacts/+/8b19ca470847f5f77d5b2e5dd086aae9ad4ea389","signature_type":"Function","target":{"file":"src/com/android/contacts/activities/AttachPhotoActivity.java","function":"hasIntentHandler"},"deprecated":false,"signature_version":"v1","id":"ASB-A-195748381-9085cbd7"},{"digest":{"length":184,"function_hash":"297298836795236935448087114931872793637"},"source":"https://android.googlesource.com/platform/packages/apps/Contacts/+/8b19ca470847f5f77d5b2e5dd086aae9ad4ea389","signature_type":"Function","target":{"file":"src/com/android/contacts/detail/PhotoSelectionHandler.java","function":"hasIntentHandler"},"deprecated":false,"signature_version":"v1","id":"ASB-A-195748381-b947400e"},{"digest":{"line_hashes":["223278207680195898951512275945111873585","244089033526537708944594960841179992814","63334131810626954617180635434969915156","323222867625324388110637694425113564436","312524547105340884440092928648807911551","244133901288040665864098417729068874748","100044497615972359408504530620295725419","210307963315060544596413630958488474882","307761566645295474480670835374025477452","325337384810327391145065627446683500717","60726150914499607586060425792476400273","163652942217467545884249545905377635004","69691961966343907956262108305030078463","135297140287006104911559077189726871358"],"threshold":0.9},"source":"https://android.googlesource.com/platform/packages/apps/Contacts/+/8b19ca470847f5f77d5b2e5dd086aae9ad4ea389","signature_type":"Line","target":{"file":"src/com/android/contacts/activities/AttachPhotoActivity.java"},"deprecated":false,"signature_version":"v1","id":"ASB-A-195748381-f3f2b5de"}],"spl":"2021-12-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-195748381.json"}},{"package":{"name":"platform/packages/apps/Contacts","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2021-12-01"}]}],"versions":["10"],"ecosystem_specific":{"types":["ID"],"severity":"High","fixes":["https://android.googlesource.com/platform/packages/apps/Contacts/+/8b19ca470847f5f77d5b2e5dd086aae9ad4ea389"],"vanir_signatures":[{"digest":{"length":184,"function_hash":"297298836795236935448087114931872793637"},"source":"https://android.googlesource.com/platform/packages/apps/Contacts/+/8b19ca470847f5f77d5b2e5dd086aae9ad4ea389","signature_type":"Function","target":{"file":"src/com/android/contacts/detail/PhotoSelectionHandler.java","function":"hasIntentHandler"},"deprecated":false,"signature_version":"v1","id":"ASB-A-195748381-03e52fdb"},{"digest":{"length":173,"function_hash":"179677790373120952691248773781147594472"},"source":"https://android.googlesource.com/platform/packages/apps/Contacts/+/8b19ca470847f5f77d5b2e5dd086aae9ad4ea389","signature_type":"Function","target":{"file":"src/com/android/contacts/activities/AttachPhotoActivity.java","function":"hasIntentHandler"},"deprecated":false,"signature_version":"v1","id":"ASB-A-195748381-15e7b106"},{"digest":{"length":658,"function_hash":"314418117801851775801355691785811246598"},"source":"https://android.googlesource.com/platform/packages/apps/Contacts/+/8b19ca470847f5f77d5b2e5dd086aae9ad4ea389","signature_type":"Function","target":{"file":"src/com/android/contacts/detail/PhotoSelectionHandler.java","function":"doCropPhoto"},"deprecated":false,"signature_version":"v1","id":"ASB-A-195748381-5a488543"},{"digest":{"line_hashes":["297009647437187288351312534496057984541","38469369907873177461087543694196245761","321415984954187660629236682543188182871","272054503843800643377983096657675118706","211243339119699819273234614350551707603","230090811574423055686942903894849481240","180186510685095853057110917444232057232","102675008360826615964887147173645430316","18201849733337273009001638995212369039","309206389203258398850708434217568906961","103651622964447416465088003270726011314","160887830718248784768962514539007960381","35995487625435595485094658060379210616","75986618999617851885806937119284027442","261279452738273431249761987130227645760"],"threshold":0.9},"source":"https://android.googlesource.com/platform/packages/apps/Contacts/+/8b19ca470847f5f77d5b2e5dd086aae9ad4ea389","signature_type":"Line","target":{"file":"src/com/android/contacts/detail/PhotoSelectionHandler.java"},"deprecated":false,"signature_version":"v1","id":"ASB-A-195748381-7f7d8f3e"},{"digest":{"line_hashes":["223278207680195898951512275945111873585","244089033526537708944594960841179992814","63334131810626954617180635434969915156","323222867625324388110637694425113564436","312524547105340884440092928648807911551","244133901288040665864098417729068874748","100044497615972359408504530620295725419","210307963315060544596413630958488474882","307761566645295474480670835374025477452","325337384810327391145065627446683500717","60726150914499607586060425792476400273","163652942217467545884249545905377635004","69691961966343907956262108305030078463","135297140287006104911559077189726871358"],"threshold":0.9},"source":"https://android.googlesource.com/platform/packages/apps/Contacts/+/8b19ca470847f5f77d5b2e5dd086aae9ad4ea389","signature_type":"Line","target":{"file":"src/com/android/contacts/activities/AttachPhotoActivity.java"},"deprecated":false,"signature_version":"v1","id":"ASB-A-195748381-a302240f"},{"digest":{"length":1819,"function_hash":"33710228034365950587107242472375266098"},"source":"https://android.googlesource.com/platform/packages/apps/Contacts/+/8b19ca470847f5f77d5b2e5dd086aae9ad4ea389","signature_type":"Function","target":{"file":"src/com/android/contacts/activities/AttachPhotoActivity.java","function":"onActivityResult"},"deprecated":false,"signature_version":"v1","id":"ASB-A-195748381-c9cf8f45"}],"spl":"2021-12-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-195748381.json"}},{"package":{"name":"platform/packages/apps/Contacts","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2021-12-01"}]}],"versions":["11"],"ecosystem_specific":{"types":["ID"],"severity":"High","fixes":["https://android.googlesource.com/platform/packages/apps/Contacts/+/8b19ca470847f5f77d5b2e5dd086aae9ad4ea389"],"vanir_signatures":[{"digest":{"length":173,"function_hash":"179677790373120952691248773781147594472"},"source":"https://android.googlesource.com/platform/packages/apps/Contacts/+/8b19ca470847f5f77d5b2e5dd086aae9ad4ea389","signature_type":"Function","target":{"file":"src/com/android/contacts/activities/AttachPhotoActivity.java","function":"hasIntentHandler"},"deprecated":false,"signature_version":"v1","id":"ASB-A-195748381-14db33ff"},{"digest":{"length":658,"function_hash":"314418117801851775801355691785811246598"},"source":"https://android.googlesource.com/platform/packages/apps/Contacts/+/8b19ca470847f5f77d5b2e5dd086aae9ad4ea389","signature_type":"Function","target":{"file":"src/com/android/contacts/detail/PhotoSelectionHandler.java","function":"doCropPhoto"},"deprecated":false,"signature_version":"v1","id":"ASB-A-195748381-4c1b28c5"},{"digest":{"line_hashes":["297009647437187288351312534496057984541","38469369907873177461087543694196245761","321415984954187660629236682543188182871","272054503843800643377983096657675118706","211243339119699819273234614350551707603","230090811574423055686942903894849481240","180186510685095853057110917444232057232","102675008360826615964887147173645430316","18201849733337273009001638995212369039","309206389203258398850708434217568906961","103651622964447416465088003270726011314","160887830718248784768962514539007960381","35995487625435595485094658060379210616","75986618999617851885806937119284027442","261279452738273431249761987130227645760"],"threshold":0.9},"source":"https://android.googlesource.com/platform/packages/apps/Contacts/+/8b19ca470847f5f77d5b2e5dd086aae9ad4ea389","signature_type":"Line","target":{"file":"src/com/android/contacts/detail/PhotoSelectionHandler.java"},"deprecated":false,"signature_version":"v1","id":"ASB-A-195748381-a95bc6ca"},{"digest":{"line_hashes":["223278207680195898951512275945111873585","244089033526537708944594960841179992814","63334131810626954617180635434969915156","323222867625324388110637694425113564436","312524547105340884440092928648807911551","244133901288040665864098417729068874748","100044497615972359408504530620295725419","210307963315060544596413630958488474882","307761566645295474480670835374025477452","325337384810327391145065627446683500717","60726150914499607586060425792476400273","163652942217467545884249545905377635004","69691961966343907956262108305030078463","135297140287006104911559077189726871358"],"threshold":0.9},"source":"https://android.googlesource.com/platform/packages/apps/Contacts/+/8b19ca470847f5f77d5b2e5dd086aae9ad4ea389","signature_type":"Line","target":{"file":"src/com/android/contacts/activities/AttachPhotoActivity.java"},"deprecated":false,"signature_version":"v1","id":"ASB-A-195748381-ae3262a0"},{"digest":{"length":1819,"function_hash":"33710228034365950587107242472375266098"},"source":"https://android.googlesource.com/platform/packages/apps/Contacts/+/8b19ca470847f5f77d5b2e5dd086aae9ad4ea389","signature_type":"Function","target":{"file":"src/com/android/contacts/activities/AttachPhotoActivity.java","function":"onActivityResult"},"deprecated":false,"signature_version":"v1","id":"ASB-A-195748381-d67b2744"},{"digest":{"length":184,"function_hash":"297298836795236935448087114931872793637"},"source":"https://android.googlesource.com/platform/packages/apps/Contacts/+/8b19ca470847f5f77d5b2e5dd086aae9ad4ea389","signature_type":"Function","target":{"file":"src/com/android/contacts/detail/PhotoSelectionHandler.java","function":"hasIntentHandler"},"deprecated":false,"signature_version":"v1","id":"ASB-A-195748381-fd26ac0e"}],"spl":"2021-12-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-195748381.json"}},{"package":{"name":"platform/packages/apps/Contacts","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2021-12-01"}]}],"versions":["12"],"ecosystem_specific":{"types":["ID"],"severity":"High","fixes":["https://android.googlesource.com/platform/packages/apps/Contacts/+/8b19ca470847f5f77d5b2e5dd086aae9ad4ea389"],"vanir_signatures":[{"digest":{"line_hashes":["223278207680195898951512275945111873585","244089033526537708944594960841179992814","63334131810626954617180635434969915156","323222867625324388110637694425113564436","312524547105340884440092928648807911551","244133901288040665864098417729068874748","100044497615972359408504530620295725419","210307963315060544596413630958488474882","307761566645295474480670835374025477452","325337384810327391145065627446683500717","60726150914499607586060425792476400273","163652942217467545884249545905377635004","69691961966343907956262108305030078463","135297140287006104911559077189726871358"],"threshold":0.9},"source":"https://android.googlesource.com/platform/packages/apps/Contacts/+/8b19ca470847f5f77d5b2e5dd086aae9ad4ea389","signature_type":"Line","target":{"file":"src/com/android/contacts/activities/AttachPhotoActivity.java"},"deprecated":false,"signature_version":"v1","id":"ASB-A-195748381-009d7708"},{"digest":{"line_hashes":["297009647437187288351312534496057984541","38469369907873177461087543694196245761","321415984954187660629236682543188182871","272054503843800643377983096657675118706","211243339119699819273234614350551707603","230090811574423055686942903894849481240","180186510685095853057110917444232057232","102675008360826615964887147173645430316","18201849733337273009001638995212369039","309206389203258398850708434217568906961","103651622964447416465088003270726011314","160887830718248784768962514539007960381","35995487625435595485094658060379210616","75986618999617851885806937119284027442","261279452738273431249761987130227645760"],"threshold":0.9},"source":"https://android.googlesource.com/platform/packages/apps/Contacts/+/8b19ca470847f5f77d5b2e5dd086aae9ad4ea389","signature_type":"Line","target":{"file":"src/com/android/contacts/detail/PhotoSelectionHandler.java"},"deprecated":false,"signature_version":"v1","id":"ASB-A-195748381-3299212d"},{"digest":{"length":1819,"function_hash":"33710228034365950587107242472375266098"},"source":"https://android.googlesource.com/platform/packages/apps/Contacts/+/8b19ca470847f5f77d5b2e5dd086aae9ad4ea389","signature_type":"Function","target":{"file":"src/com/android/contacts/activities/AttachPhotoActivity.java","function":"onActivityResult"},"deprecated":false,"signature_version":"v1","id":"ASB-A-195748381-3dac08dd"},{"digest":{"length":173,"function_hash":"179677790373120952691248773781147594472"},"source":"https://android.googlesource.com/platform/packages/apps/Contacts/+/8b19ca470847f5f77d5b2e5dd086aae9ad4ea389","signature_type":"Function","target":{"file":"src/com/android/contacts/activities/AttachPhotoActivity.java","function":"hasIntentHandler"},"deprecated":false,"signature_version":"v1","id":"ASB-A-195748381-80013b57"},{"digest":{"length":184,"function_hash":"297298836795236935448087114931872793637"},"source":"https://android.googlesource.com/platform/packages/apps/Contacts/+/8b19ca470847f5f77d5b2e5dd086aae9ad4ea389","signature_type":"Function","target":{"file":"src/com/android/contacts/detail/PhotoSelectionHandler.java","function":"hasIntentHandler"},"deprecated":false,"signature_version":"v1","id":"ASB-A-195748381-bdd7ad26"},{"digest":{"length":658,"function_hash":"314418117801851775801355691785811246598"},"source":"https://android.googlesource.com/platform/packages/apps/Contacts/+/8b19ca470847f5f77d5b2e5dd086aae9ad4ea389","signature_type":"Function","target":{"file":"src/com/android/contacts/detail/PhotoSelectionHandler.java","function":"doCropPhoto"},"deprecated":false,"signature_version":"v1","id":"ASB-A-195748381-da0c6cae"}],"spl":"2021-12-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-195748381.json"}}],"schema_version":"1.7.5"}