{"id":"ASB-A-233735886","details":"In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure from the media server with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-233735886","CVE-2022-20393"],"modified":"2026-05-26T15:46:26.044149249Z","published":"2022-09-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-09-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/av/+/b63d4e785ba4d896bbbd50d4f09bda13294926af"}],"affected":[{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2022-09-01"}]}],"versions":["13-next"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"target":{"function":"TextDescriptions::extract3GPPGlobalDescriptions","file":"media/libstagefright/timedtext/TextDescriptions.cpp"},"signature_version":"v1","deprecated":false,"signature_type":"Function","digest":{"length":2780,"function_hash":"50675638291051841526738330140886205029"},"id":"ASB-A-233735886-4802d056","source":"https://android.googlesource.com/platform/frameworks/av/+/bba676b80fe34c20d0834582a03f307e6524f414"},{"signature_type":"Line","deprecated":false,"target":{"file":"media/libstagefright/timedtext/TextDescriptions.cpp"},"digest":{"line_hashes":["229386592317417695301799087523203399799","109219931390342791495629278406969013539","198744136753815729415861381615626259319","237196193812767868580563222050800769717"],"threshold":0.9},"signature_version":"v1","id":"ASB-A-233735886-ecd339bf","source":"https://android.googlesource.com/platform/frameworks/av/+/bba676b80fe34c20d0834582a03f307e6524f414"}],"types":["ID"],"spl":"2022-09-01","fixes":["https://android.googlesource.com/platform/frameworks/av/+/bba676b80fe34c20d0834582a03f307e6524f414"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-233735886.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-09-01"}]}],"versions":["11"],"ecosystem_specific":{"vanir_signatures":[{"signature_version":"v1","deprecated":false,"target":{"function":"TextDescriptions::extract3GPPGlobalDescriptions","file":"media/libstagefright/timedtext/TextDescriptions.cpp"},"signature_type":"Function","digest":{"function_hash":"50675638291051841526738330140886205029","length":2780},"id":"ASB-A-233735886-673a1ae7","source":"https://android.googlesource.com/platform/frameworks/av/+/b63d4e785ba4d896bbbd50d4f09bda13294926af"},{"target":{"file":"media/libstagefright/timedtext/TextDescriptions.cpp"},"signature_version":"v1","deprecated":false,"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["229386592317417695301799087523203399799","109219931390342791495629278406969013539","198744136753815729415861381615626259319","237196193812767868580563222050800769717"]},"id":"ASB-A-233735886-ae1819fc","source":"https://android.googlesource.com/platform/frameworks/av/+/b63d4e785ba4d896bbbd50d4f09bda13294926af"}],"types":["ID"],"spl":"2022-09-01","severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/av/+/b63d4e785ba4d896bbbd50d4f09bda13294926af"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-233735886.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-09-01"}]}],"versions":["12"],"ecosystem_specific":{"vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["229386592317417695301799087523203399799","109219931390342791495629278406969013539","198744136753815729415861381615626259319","237196193812767868580563222050800769717"]},"deprecated":false,"target":{"file":"media/libstagefright/timedtext/TextDescriptions.cpp"},"signature_version":"v1","signature_type":"Line","id":"ASB-A-233735886-37659871","source":"https://android.googlesource.com/platform/frameworks/av/+/b63d4e785ba4d896bbbd50d4f09bda13294926af"},{"target":{"function":"TextDescriptions::extract3GPPGlobalDescriptions","file":"media/libstagefright/timedtext/TextDescriptions.cpp"},"signature_version":"v1","deprecated":false,"signature_type":"Function","digest":{"length":2780,"function_hash":"50675638291051841526738330140886205029"},"id":"ASB-A-233735886-f28df4bc","source":"https://android.googlesource.com/platform/frameworks/av/+/b63d4e785ba4d896bbbd50d4f09bda13294926af"}],"types":["ID"],"spl":"2022-09-01","severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/av/+/b63d4e785ba4d896bbbd50d4f09bda13294926af"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-233735886.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2022-09-01"}]}],"versions":["12L"],"ecosystem_specific":{"spl":"2022-09-01","severity":"High","vanir_signatures":[{"signature_version":"v1","deprecated":false,"target":{"function":"TextDescriptions::extract3GPPGlobalDescriptions","file":"media/libstagefright/timedtext/TextDescriptions.cpp"},"signature_type":"Function","digest":{"function_hash":"50675638291051841526738330140886205029","length":2780},"id":"ASB-A-233735886-689245c8","source":"https://android.googlesource.com/platform/frameworks/av/+/b63d4e785ba4d896bbbd50d4f09bda13294926af"},{"target":{"file":"media/libstagefright/timedtext/TextDescriptions.cpp"},"signature_version":"v1","deprecated":false,"signature_type":"Line","digest":{"line_hashes":["229386592317417695301799087523203399799","109219931390342791495629278406969013539","198744136753815729415861381615626259319","237196193812767868580563222050800769717"],"threshold":0.9},"id":"ASB-A-233735886-98a328bb","source":"https://android.googlesource.com/platform/frameworks/av/+/b63d4e785ba4d896bbbd50d4f09bda13294926af"}],"types":["ID"],"fixes":["https://android.googlesource.com/platform/frameworks/av/+/b63d4e785ba4d896bbbd50d4f09bda13294926af"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-233735886.json"}}],"schema_version":"1.7.5"}