{"id":"ASB-A-245137718","details":"In MtpPropertyValue of MtpProperty.h, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.","aliases":["A-245137718","CVE-2023-35679"],"modified":"2026-05-19T16:54:37.272608834Z","published":"2023-09-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-09-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/av/+/ea6131efa76a0b2a12724ffd157909e2c6fb4036"}],"affected":[{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2023-09-01"}]}],"versions":["13-next"],"ecosystem_specific":{"severity":"High","types":["ID"],"vanir_signatures":[{"target":{"file":"media/mtp/MtpProperty.h"},"signature_version":"v1","deprecated":false,"id":"ASB-A-245137718-0858d31e","source":"https://android.googlesource.com/platform/frameworks/av/+/3afa6e80e8568fe63f893fa354bc79ef91d3dcc0","digest":{"threshold":0.9,"line_hashes":["49440150004597398374299339656218450864","135677111807147160386708736057925333638","202537571553025539675748916310275647158","296972742206731287151675506359443186515"]},"signature_type":"Line"}],"fixes":["https://android.googlesource.com/platform/frameworks/av/+/3afa6e80e8568fe63f893fa354bc79ef91d3dcc0"],"spl":"2023-09-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-245137718.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-09-01"}]}],"versions":["11"],"ecosystem_specific":{"severity":"High","types":["ID"],"spl":"2023-09-01","fixes":["https://android.googlesource.com/platform/frameworks/av/+/d44311374e41a26b28db56794c9a7890a13a6972"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/av/+/d44311374e41a26b28db56794c9a7890a13a6972","deprecated":false,"signature_version":"v1","id":"ASB-A-245137718-c2c06a9e","digest":{"threshold":0.9,"line_hashes":["49440150004597398374299339656218450864","135677111807147160386708736057925333638","202537571553025539675748916310275647158","296972742206731287151675506359443186515"]},"target":{"file":"media/mtp/MtpProperty.h"},"signature_type":"Line"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-245137718.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-09-01"}]}],"versions":["12"],"ecosystem_specific":{"severity":"High","types":["ID"],"spl":"2023-09-01","fixes":["https://android.googlesource.com/platform/frameworks/av/+/c138d20635694857754f2b7de2342089de13d556"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/av/+/c138d20635694857754f2b7de2342089de13d556","deprecated":false,"signature_version":"v1","id":"ASB-A-245137718-b87de1b5","digest":{"threshold":0.9,"line_hashes":["49440150004597398374299339656218450864","135677111807147160386708736057925333638","202537571553025539675748916310275647158","296972742206731287151675506359443186515"]},"target":{"file":"media/mtp/MtpProperty.h"},"signature_type":"Line"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-245137718.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-09-01"}]}],"versions":["12L"],"ecosystem_specific":{"severity":"High","types":["ID"],"spl":"2023-09-01","fixes":["https://android.googlesource.com/platform/frameworks/av/+/5825299cf697df203ce42f67f741731b97f96071"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/av/+/5825299cf697df203ce42f67f741731b97f96071","deprecated":false,"signature_version":"v1","id":"ASB-A-245137718-cbf2e1fd","digest":{"threshold":0.9,"line_hashes":["49440150004597398374299339656218450864","135677111807147160386708736057925333638","202537571553025539675748916310275647158","296972742206731287151675506359443186515"]},"target":{"file":"media/mtp/MtpProperty.h"},"signature_type":"Line"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-245137718.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-09-01"}]}],"versions":["13"],"ecosystem_specific":{"severity":"High","types":["ID"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/av/+/99d0823ca2b8275f000a437150fb8d1938b1b31a","deprecated":false,"signature_version":"v1","id":"ASB-A-245137718-96b0935d","digest":{"threshold":0.9,"line_hashes":["49440150004597398374299339656218450864","135677111807147160386708736057925333638","202537571553025539675748916310275647158","296972742206731287151675506359443186515"]},"target":{"file":"media/mtp/MtpProperty.h"},"signature_type":"Line"}],"fixes":["https://android.googlesource.com/platform/frameworks/av/+/99d0823ca2b8275f000a437150fb8d1938b1b31a"],"spl":"2023-09-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-245137718.json"}}],"schema_version":"1.7.5"}