{"id":"ASB-A-204077881","details":"In checkSpsUpdated of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.","aliases":["A-204077881","CVE-2021-39665"],"modified":"2026-05-27T15:53:17.428190120Z","published":"2022-02-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-02-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/av/+/d0e524f58873f81549c7abfade30d8c9d2406a1c"}],"affected":[{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-02-01"}]}],"versions":["12"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/cc538ed26803328445d52383f91025b357cda47d"],"severity":"High","vanir_signatures":[{"digest":{"function_hash":"69447002832914259517445382002834504670","length":404},"signature_type":"Function","id":"ASB-A-204077881-15210b66","signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/av/+/cc538ed26803328445d52383f91025b357cda47d","target":{"function":"AAVCAssembler::checkSpsUpdated","file":"media/libstagefright/rtsp/AAVCAssembler.cpp"}},{"digest":{"line_hashes":["329137829467727028975304135906492061630","91765238030631839877653982970183501961","78904361420780750818517263595879144632","25371881439428296618679050946846425773"],"threshold":0.9},"signature_type":"Line","id":"ASB-A-204077881-e937756a","signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/av/+/cc538ed26803328445d52383f91025b357cda47d","target":{"file":"media/libstagefright/rtsp/AAVCAssembler.cpp"}}],"types":["ID"],"spl":"2022-02-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-204077881.json"}}],"schema_version":"1.7.5"}