{"id":"ASB-A-230493653","details":"In updateAudioTrackInfoFromESDS_MPEG4Audio of MPEG4Extractor.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.","aliases":["A-230493653","CVE-2022-20346"],"modified":"2026-04-17T15:55:28.020024Z","published":"2022-08-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-08-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/av/+/3b933840bc3839b8f99b2689257e365ec2d134db"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/av/+/9d33304ec75b366ed9750e7bde6f96f8c704e1c8"}],"affected":[{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2022-08-01"}]}],"versions":["10"],"ecosystem_specific":{"severity":"High","types":["ID"],"fixes":["https://android.googlesource.com/platform/frameworks/av/+/9d33304ec75b366ed9750e7bde6f96f8c704e1c8"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/av/+/9d33304ec75b366ed9750e7bde6f96f8c704e1c8","id":"ASB-A-230493653-6e99e429","signature_version":"v1","target":{"file":"media/extractors/mp4/MPEG4Extractor.cpp"},"digest":{"line_hashes":["225322178506426539697111397787662797815","203007418245486663436757567325339439945","283734241504781186210317179610985584230","275702062095050616325682778445507309860"],"threshold":0.9},"deprecated":false,"signature_type":"Line"},{"source":"https://android.googlesource.com/platform/frameworks/av/+/9d33304ec75b366ed9750e7bde6f96f8c704e1c8","id":"ASB-A-230493653-e652dde0","signature_version":"v1","target":{"file":"media/extractors/mp4/MPEG4Extractor.cpp","function":"MPEG4Extractor::updateAudioTrackInfoFromESDS_MPEG4Audio"},"digest":{"length":7552,"function_hash":"60777411702810882278554162367025679691"},"deprecated":false,"signature_type":"Function"}],"spl":"2022-08-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-230493653.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-08-01"}]}],"versions":["11"],"ecosystem_specific":{"severity":"High","types":["ID"],"fixes":["https://android.googlesource.com/platform/frameworks/av/+/9d33304ec75b366ed9750e7bde6f96f8c704e1c8"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/av/+/9d33304ec75b366ed9750e7bde6f96f8c704e1c8","id":"ASB-A-230493653-019db7bc","signature_version":"v1","target":{"file":"media/extractors/mp4/MPEG4Extractor.cpp","function":"MPEG4Extractor::updateAudioTrackInfoFromESDS_MPEG4Audio"},"digest":{"length":7552,"function_hash":"60777411702810882278554162367025679691"},"deprecated":false,"signature_type":"Function"},{"source":"https://android.googlesource.com/platform/frameworks/av/+/9d33304ec75b366ed9750e7bde6f96f8c704e1c8","id":"ASB-A-230493653-776cb4cf","signature_version":"v1","target":{"file":"media/extractors/mp4/MPEG4Extractor.cpp"},"digest":{"line_hashes":["225322178506426539697111397787662797815","203007418245486663436757567325339439945","283734241504781186210317179610985584230","275702062095050616325682778445507309860"],"threshold":0.9},"deprecated":false,"signature_type":"Line"}],"spl":"2022-08-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-230493653.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-08-01"}]}],"versions":["12"],"ecosystem_specific":{"severity":"High","types":["ID"],"fixes":["https://android.googlesource.com/platform/frameworks/av/+/9d33304ec75b366ed9750e7bde6f96f8c704e1c8"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/av/+/9d33304ec75b366ed9750e7bde6f96f8c704e1c8","id":"ASB-A-230493653-a0dfe305","signature_version":"v1","target":{"file":"media/extractors/mp4/MPEG4Extractor.cpp"},"digest":{"line_hashes":["225322178506426539697111397787662797815","203007418245486663436757567325339439945","283734241504781186210317179610985584230","275702062095050616325682778445507309860"],"threshold":0.9},"deprecated":false,"signature_type":"Line"},{"source":"https://android.googlesource.com/platform/frameworks/av/+/9d33304ec75b366ed9750e7bde6f96f8c704e1c8","id":"ASB-A-230493653-bdcec08c","signature_version":"v1","target":{"file":"media/extractors/mp4/MPEG4Extractor.cpp","function":"MPEG4Extractor::updateAudioTrackInfoFromESDS_MPEG4Audio"},"digest":{"length":7552,"function_hash":"60777411702810882278554162367025679691"},"deprecated":false,"signature_type":"Function"}],"spl":"2022-08-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-230493653.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2022-08-01"}]}],"versions":["12L"],"ecosystem_specific":{"severity":"High","types":["ID"],"fixes":["https://android.googlesource.com/platform/frameworks/av/+/9d33304ec75b366ed9750e7bde6f96f8c704e1c8"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/av/+/9d33304ec75b366ed9750e7bde6f96f8c704e1c8","id":"ASB-A-230493653-938171ed","signature_version":"v1","target":{"file":"media/extractors/mp4/MPEG4Extractor.cpp"},"digest":{"line_hashes":["225322178506426539697111397787662797815","203007418245486663436757567325339439945","283734241504781186210317179610985584230","275702062095050616325682778445507309860"],"threshold":0.9},"deprecated":false,"signature_type":"Line"},{"source":"https://android.googlesource.com/platform/frameworks/av/+/9d33304ec75b366ed9750e7bde6f96f8c704e1c8","id":"ASB-A-230493653-ac083058","signature_version":"v1","target":{"file":"media/extractors/mp4/MPEG4Extractor.cpp","function":"MPEG4Extractor::updateAudioTrackInfoFromESDS_MPEG4Audio"},"digest":{"length":7552,"function_hash":"60777411702810882278554162367025679691"},"deprecated":false,"signature_type":"Function"}],"spl":"2022-08-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-230493653.json"}}],"schema_version":"1.7.5"}