{"id":"ASB-A-230630526","details":"In dropFramesUntilIframe of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-230630526","CVE-2023-20948"],"modified":"2026-04-21T15:25:42.831358Z","published":"2023-02-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-02-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/av/+/d037f9d65f1356bc99fd8e882e641e89796029d2"}],"affected":[{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-02-01"}]}],"versions":["12"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919"],"types":["ID"],"spl":"2023-02-01","vanir_signatures":[{"id":"ASB-A-230630526-6588bcea","target":{"file":"media/libstagefright/rtsp/AAVCAssembler.cpp"},"digest":{"line_hashes":["212379021873874381798247829236382160182","66417754514263419850213442380152917103","83815358669303451646456030079685590824","257864817666391178255675542568251582396","263069363621899467718590819386129818171","157817403914038502428079643464892840091","101333980791625609406177382456945136167","59797745874716954063490402646915308687","7474857098925625077232707478489679628"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919","deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"ASB-A-230630526-71b5dc24","target":{"file":"media/libstagefright/rtsp/AHEVCAssembler.cpp"},"digest":{"line_hashes":["140770239503625695064828509019799832477","65151910557162486066798864813844158243","307790884070244291519980776556995421879","53843108038709408261758986378788463147","291643098195140441343962701386998301660","222376076498018654343369208564744225737","116942000878267325333699752797775468688","10740280627826607411568439716866325047","251084557062795462069238240176517221836","66320444299511471936883387867503732979","85860989143724487160794368716943060739","251389852599537295098525343765117788487"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919","deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"ASB-A-230630526-76d7bdfa","target":{"function":"AAVCAssembler::pickStartSeq","file":"media/libstagefright/rtsp/AAVCAssembler.cpp"},"digest":{"function_hash":"308027462454203152321871474735483761019","length":719},"source":"https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919","deprecated":false,"signature_version":"v1","signature_type":"Function"},{"id":"ASB-A-230630526-9f401594","target":{"function":"AHEVCAssembler::pickStartSeq","file":"media/libstagefright/rtsp/AHEVCAssembler.cpp"},"digest":{"function_hash":"56722316515367879950337906555341498064","length":613},"source":"https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919","deprecated":false,"signature_version":"v1","signature_type":"Function"},{"id":"ASB-A-230630526-b8e9844b","target":{"function":"AAVCAssembler::dropFramesUntilIframe","file":"media/libstagefright/rtsp/AAVCAssembler.cpp"},"digest":{"function_hash":"265553517352856004442905162954785064259","length":227},"source":"https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919","deprecated":false,"signature_version":"v1","signature_type":"Function"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-230630526.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-02-01"}]}],"versions":["12L"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919"],"types":["ID"],"spl":"2023-02-01","vanir_signatures":[{"id":"ASB-A-230630526-81b58407","target":{"function":"AAVCAssembler::pickStartSeq","file":"media/libstagefright/rtsp/AAVCAssembler.cpp"},"digest":{"function_hash":"308027462454203152321871474735483761019","length":719},"source":"https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919","deprecated":false,"signature_version":"v1","signature_type":"Function"},{"id":"ASB-A-230630526-8f5b16b6","target":{"function":"AAVCAssembler::dropFramesUntilIframe","file":"media/libstagefright/rtsp/AAVCAssembler.cpp"},"digest":{"function_hash":"265553517352856004442905162954785064259","length":227},"source":"https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919","deprecated":false,"signature_version":"v1","signature_type":"Function"},{"id":"ASB-A-230630526-8f931b76","target":{"function":"AHEVCAssembler::pickStartSeq","file":"media/libstagefright/rtsp/AHEVCAssembler.cpp"},"digest":{"function_hash":"56722316515367879950337906555341498064","length":613},"source":"https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919","deprecated":false,"signature_version":"v1","signature_type":"Function"},{"id":"ASB-A-230630526-ae615258","target":{"file":"media/libstagefright/rtsp/AAVCAssembler.cpp"},"digest":{"line_hashes":["212379021873874381798247829236382160182","66417754514263419850213442380152917103","83815358669303451646456030079685590824","257864817666391178255675542568251582396","263069363621899467718590819386129818171","157817403914038502428079643464892840091","101333980791625609406177382456945136167","59797745874716954063490402646915308687","7474857098925625077232707478489679628"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919","deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"ASB-A-230630526-c58965bb","target":{"file":"media/libstagefright/rtsp/AHEVCAssembler.cpp"},"digest":{"line_hashes":["140770239503625695064828509019799832477","65151910557162486066798864813844158243","307790884070244291519980776556995421879","53843108038709408261758986378788463147","291643098195140441343962701386998301660","222376076498018654343369208564744225737","116942000878267325333699752797775468688","10740280627826607411568439716866325047","251084557062795462069238240176517221836","66320444299511471936883387867503732979","85860989143724487160794368716943060739","251389852599537295098525343765117788487"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919","deprecated":false,"signature_version":"v1","signature_type":"Line"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-230630526.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-02-01"}]}],"versions":["13"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919"],"types":["ID"],"spl":"2023-02-01","vanir_signatures":[{"id":"ASB-A-230630526-117ea795","target":{"file":"media/libstagefright/rtsp/AHEVCAssembler.cpp"},"digest":{"line_hashes":["140770239503625695064828509019799832477","65151910557162486066798864813844158243","307790884070244291519980776556995421879","53843108038709408261758986378788463147","291643098195140441343962701386998301660","222376076498018654343369208564744225737","116942000878267325333699752797775468688","10740280627826607411568439716866325047","251084557062795462069238240176517221836","66320444299511471936883387867503732979","85860989143724487160794368716943060739","251389852599537295098525343765117788487"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919","deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"ASB-A-230630526-562f81c9","target":{"function":"AHEVCAssembler::pickStartSeq","file":"media/libstagefright/rtsp/AHEVCAssembler.cpp"},"digest":{"function_hash":"56722316515367879950337906555341498064","length":613},"source":"https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919","deprecated":false,"signature_version":"v1","signature_type":"Function"},{"id":"ASB-A-230630526-9a815441","target":{"function":"AAVCAssembler::dropFramesUntilIframe","file":"media/libstagefright/rtsp/AAVCAssembler.cpp"},"digest":{"function_hash":"265553517352856004442905162954785064259","length":227},"source":"https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919","deprecated":false,"signature_version":"v1","signature_type":"Function"},{"id":"ASB-A-230630526-ce723218","target":{"function":"AAVCAssembler::pickStartSeq","file":"media/libstagefright/rtsp/AAVCAssembler.cpp"},"digest":{"function_hash":"308027462454203152321871474735483761019","length":719},"source":"https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919","deprecated":false,"signature_version":"v1","signature_type":"Function"},{"id":"ASB-A-230630526-d583668b","target":{"file":"media/libstagefright/rtsp/AAVCAssembler.cpp"},"digest":{"line_hashes":["212379021873874381798247829236382160182","66417754514263419850213442380152917103","83815358669303451646456030079685590824","257864817666391178255675542568251582396","263069363621899467718590819386129818171","157817403914038502428079643464892840091","101333980791625609406177382456945136167","59797745874716954063490402646915308687","7474857098925625077232707478489679628"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/av/+/3066b1410d87cc8f320cf8dd7eb7705172773919","deprecated":false,"signature_version":"v1","signature_type":"Line"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-230630526.json"}}],"schema_version":"1.7.5"}