{"id":"ASB-A-215002587","details":"In reinit of HeifDecoderImpl.cpp, there is a possible crash due to a missing null check. This could lead to remote persistent denial of service in the file picker with no additional execution privileges needed. User interaction is needed for exploitation.","aliases":["A-215002587","CVE-2021-39804"],"modified":"2026-04-21T15:25:42.831358Z","published":"2022-04-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-04-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/av/+/3942f55f1c8e36b0f9d4c5acf99b177476f96457"}],"affected":[{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-04-01"}]}],"versions":["11"],"ecosystem_specific":{"types":["DoS"],"spl":"2022-04-01","severity":"High","vanir_signatures":[{"deprecated":false,"signature_version":"v1","id":"ASB-A-215002587-1a2a6e41","target":{"file":"media/libheif/HeifDecoderImpl.cpp"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["120094149259898520039636647466959784927","189658632857752840631892844443326689291","146690459648094460987152018503952238443","178671603697984325450663552958525370914","127679628326051150164104027699124853381","108294308126805958334691522993731809941","201147652771583851881525933246798600192","85123002385931961319632137301270385112"]},"source":"https://android.googlesource.com/platform/frameworks/av/+/616bd340ecded759720199bcf5b8562e0fdf3f59"},{"deprecated":false,"signature_version":"v1","id":"ASB-A-215002587-d3dec402","target":{"file":"media/libheif/HeifDecoderImpl.cpp","function":"HeifDecoderImpl::reinit"},"signature_type":"Function","digest":{"function_hash":"300673128464053907379081520348570002058","length":2249},"source":"https://android.googlesource.com/platform/frameworks/av/+/616bd340ecded759720199bcf5b8562e0fdf3f59"}],"fixes":["https://android.googlesource.com/platform/frameworks/av/+/616bd340ecded759720199bcf5b8562e0fdf3f59"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-215002587.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-04-01"}]}],"versions":["12"],"ecosystem_specific":{"types":["DoS"],"spl":"2022-04-01","severity":"High","vanir_signatures":[{"deprecated":false,"signature_version":"v1","id":"ASB-A-215002587-a8b555d0","target":{"file":"media/libheif/HeifDecoderImpl.cpp"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["120094149259898520039636647466959784927","189658632857752840631892844443326689291","146690459648094460987152018503952238443","178671603697984325450663552958525370914","127679628326051150164104027699124853381","108294308126805958334691522993731809941","201147652771583851881525933246798600192","85123002385931961319632137301270385112"]},"source":"https://android.googlesource.com/platform/frameworks/av/+/616bd340ecded759720199bcf5b8562e0fdf3f59"},{"deprecated":false,"signature_version":"v1","id":"ASB-A-215002587-d9058542","target":{"file":"media/libheif/HeifDecoderImpl.cpp","function":"HeifDecoderImpl::reinit"},"signature_type":"Function","digest":{"function_hash":"300673128464053907379081520348570002058","length":2249},"source":"https://android.googlesource.com/platform/frameworks/av/+/616bd340ecded759720199bcf5b8562e0fdf3f59"}],"fixes":["https://android.googlesource.com/platform/frameworks/av/+/616bd340ecded759720199bcf5b8562e0fdf3f59"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-215002587.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2022-04-01"}]}],"versions":["12L"],"ecosystem_specific":{"types":["DoS"],"spl":"2022-04-01","severity":"High","vanir_signatures":[{"deprecated":false,"signature_version":"v1","id":"ASB-A-215002587-57e22744","target":{"file":"media/libheif/HeifDecoderImpl.cpp","function":"HeifDecoderImpl::reinit"},"signature_type":"Function","digest":{"function_hash":"300673128464053907379081520348570002058","length":2249},"source":"https://android.googlesource.com/platform/frameworks/av/+/616bd340ecded759720199bcf5b8562e0fdf3f59"},{"deprecated":false,"signature_version":"v1","id":"ASB-A-215002587-c9821319","target":{"file":"media/libheif/HeifDecoderImpl.cpp"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["120094149259898520039636647466959784927","189658632857752840631892844443326689291","146690459648094460987152018503952238443","178671603697984325450663552958525370914","127679628326051150164104027699124853381","108294308126805958334691522993731809941","201147652771583851881525933246798600192","85123002385931961319632137301270385112"]},"source":"https://android.googlesource.com/platform/frameworks/av/+/616bd340ecded759720199bcf5b8562e0fdf3f59"}],"fixes":["https://android.googlesource.com/platform/frameworks/av/+/616bd340ecded759720199bcf5b8562e0fdf3f59"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-215002587.json"}}],"schema_version":"1.7.5"}