{"id":"ASB-A-273935108","details":"In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a missing validation check. This could lead to a local non-security issue with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-273935108","CVE-2024-0050"],"modified":"2026-04-10T16:16:18.068628Z","published":"2024-03-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2024-03-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/av/+/8f3bc8be16480367bac36effa25706133a0dc22d"}],"affected":[{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14-next:0"},{"fixed":"14-next:2024-03-01"}]}],"versions":["14-next"],"ecosystem_specific":{"types":["EoP"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/av/+/a542f2c50700ca6df93e966fe8d4c468e1a15d9a","signature_type":"Function","signature_version":"v1","id":"ASB-A-273935108-2d05e577","digest":{"function_hash":"200983221757485306743584430014462836827","length":1618},"target":{"function":"SoftVideoDecoderOMXComponent::internalSetConfig","file":"media/libstagefright/omx/SoftVideoDecoderOMXComponent.cpp"},"deprecated":false},{"source":"https://android.googlesource.com/platform/frameworks/av/+/a542f2c50700ca6df93e966fe8d4c468e1a15d9a","signature_type":"Line","signature_version":"v1","id":"ASB-A-273935108-697c948d","digest":{"threshold":0.9,"line_hashes":["250277166995589253424360724569768389234","34624681348147893793344478018212534023","78092223054894978558607607022892929019","145536400559010198293713714013421274942","106411573731740925544123314267413544625","29138224618757718333167329212448690483"]},"target":{"file":"media/libstagefright/omx/SoftVideoDecoderOMXComponent.cpp"},"deprecated":false},{"source":"https://android.googlesource.com/platform/frameworks/av/+/a542f2c50700ca6df93e966fe8d4c468e1a15d9a","signature_type":"Function","signature_version":"v1","id":"ASB-A-273935108-8fbe916a","digest":{"function_hash":"256198747448694616167020467032055940390","length":1775},"target":{"function":"SoftVideoDecoderOMXComponent::getConfig","file":"media/libstagefright/omx/SoftVideoDecoderOMXComponent.cpp"},"deprecated":false}],"spl":"2024-03-01","severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/av/+/a542f2c50700ca6df93e966fe8d4c468e1a15d9a"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-273935108.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2024-03-01"}]}],"versions":["12"],"ecosystem_specific":{"types":["EoP"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/av/+/80e0acc096d201e80a1b65af944b1e47c9dd6f7b","signature_type":"Function","signature_version":"v1","id":"ASB-A-273935108-1f461945","digest":{"function_hash":"200983221757485306743584430014462836827","length":1618},"target":{"function":"SoftVideoDecoderOMXComponent::internalSetConfig","file":"media/libstagefright/omx/SoftVideoDecoderOMXComponent.cpp"},"deprecated":false},{"source":"https://android.googlesource.com/platform/frameworks/av/+/80e0acc096d201e80a1b65af944b1e47c9dd6f7b","signature_type":"Line","signature_version":"v1","id":"ASB-A-273935108-4287d68a","digest":{"threshold":0.9,"line_hashes":["250277166995589253424360724569768389234","34624681348147893793344478018212534023","78092223054894978558607607022892929019","145536400559010198293713714013421274942","106411573731740925544123314267413544625","29138224618757718333167329212448690483"]},"target":{"file":"media/libstagefright/omx/SoftVideoDecoderOMXComponent.cpp"},"deprecated":false},{"source":"https://android.googlesource.com/platform/frameworks/av/+/80e0acc096d201e80a1b65af944b1e47c9dd6f7b","signature_type":"Function","signature_version":"v1","id":"ASB-A-273935108-b0c624b6","digest":{"function_hash":"256198747448694616167020467032055940390","length":1775},"target":{"function":"SoftVideoDecoderOMXComponent::getConfig","file":"media/libstagefright/omx/SoftVideoDecoderOMXComponent.cpp"},"deprecated":false}],"spl":"2024-03-01","severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/av/+/80e0acc096d201e80a1b65af944b1e47c9dd6f7b"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-273935108.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2024-03-01"}]}],"versions":["12L"],"ecosystem_specific":{"types":["EoP"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/av/+/80e0acc096d201e80a1b65af944b1e47c9dd6f7b","signature_type":"Function","signature_version":"v1","id":"ASB-A-273935108-336ec842","digest":{"function_hash":"200983221757485306743584430014462836827","length":1618},"target":{"function":"SoftVideoDecoderOMXComponent::internalSetConfig","file":"media/libstagefright/omx/SoftVideoDecoderOMXComponent.cpp"},"deprecated":false},{"source":"https://android.googlesource.com/platform/frameworks/av/+/80e0acc096d201e80a1b65af944b1e47c9dd6f7b","signature_type":"Function","signature_version":"v1","id":"ASB-A-273935108-634d44f1","digest":{"function_hash":"256198747448694616167020467032055940390","length":1775},"target":{"function":"SoftVideoDecoderOMXComponent::getConfig","file":"media/libstagefright/omx/SoftVideoDecoderOMXComponent.cpp"},"deprecated":false},{"source":"https://android.googlesource.com/platform/frameworks/av/+/80e0acc096d201e80a1b65af944b1e47c9dd6f7b","signature_type":"Line","signature_version":"v1","id":"ASB-A-273935108-def07f26","digest":{"threshold":0.9,"line_hashes":["250277166995589253424360724569768389234","34624681348147893793344478018212534023","78092223054894978558607607022892929019","145536400559010198293713714013421274942","106411573731740925544123314267413544625","29138224618757718333167329212448690483"]},"target":{"file":"media/libstagefright/omx/SoftVideoDecoderOMXComponent.cpp"},"deprecated":false}],"spl":"2024-03-01","severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/av/+/80e0acc096d201e80a1b65af944b1e47c9dd6f7b"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-273935108.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2024-03-01"}]}],"versions":["13"],"ecosystem_specific":{"types":["EoP"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/av/+/80e0acc096d201e80a1b65af944b1e47c9dd6f7b","signature_type":"Function","signature_version":"v1","id":"ASB-A-273935108-7bd3a91a","digest":{"function_hash":"200983221757485306743584430014462836827","length":1618},"target":{"function":"SoftVideoDecoderOMXComponent::internalSetConfig","file":"media/libstagefright/omx/SoftVideoDecoderOMXComponent.cpp"},"deprecated":false},{"source":"https://android.googlesource.com/platform/frameworks/av/+/80e0acc096d201e80a1b65af944b1e47c9dd6f7b","signature_type":"Function","signature_version":"v1","id":"ASB-A-273935108-a4c73d64","digest":{"function_hash":"256198747448694616167020467032055940390","length":1775},"target":{"function":"SoftVideoDecoderOMXComponent::getConfig","file":"media/libstagefright/omx/SoftVideoDecoderOMXComponent.cpp"},"deprecated":false},{"source":"https://android.googlesource.com/platform/frameworks/av/+/80e0acc096d201e80a1b65af944b1e47c9dd6f7b","signature_type":"Line","signature_version":"v1","id":"ASB-A-273935108-b1e633d4","digest":{"threshold":0.9,"line_hashes":["250277166995589253424360724569768389234","34624681348147893793344478018212534023","78092223054894978558607607022892929019","145536400559010198293713714013421274942","106411573731740925544123314267413544625","29138224618757718333167329212448690483"]},"target":{"file":"media/libstagefright/omx/SoftVideoDecoderOMXComponent.cpp"},"deprecated":false}],"spl":"2024-03-01","severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/av/+/80e0acc096d201e80a1b65af944b1e47c9dd6f7b"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-273935108.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2024-03-01"}]}],"versions":["14"],"ecosystem_specific":{"types":["EoP"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/av/+/80e0acc096d201e80a1b65af944b1e47c9dd6f7b","signature_type":"Function","signature_version":"v1","id":"ASB-A-273935108-15cc9f58","digest":{"function_hash":"200983221757485306743584430014462836827","length":1618},"target":{"function":"SoftVideoDecoderOMXComponent::internalSetConfig","file":"media/libstagefright/omx/SoftVideoDecoderOMXComponent.cpp"},"deprecated":false},{"source":"https://android.googlesource.com/platform/frameworks/av/+/80e0acc096d201e80a1b65af944b1e47c9dd6f7b","signature_type":"Function","signature_version":"v1","id":"ASB-A-273935108-31e09af5","digest":{"function_hash":"256198747448694616167020467032055940390","length":1775},"target":{"function":"SoftVideoDecoderOMXComponent::getConfig","file":"media/libstagefright/omx/SoftVideoDecoderOMXComponent.cpp"},"deprecated":false},{"source":"https://android.googlesource.com/platform/frameworks/av/+/80e0acc096d201e80a1b65af944b1e47c9dd6f7b","signature_type":"Line","signature_version":"v1","id":"ASB-A-273935108-d7d3f0da","digest":{"threshold":0.9,"line_hashes":["250277166995589253424360724569768389234","34624681348147893793344478018212534023","78092223054894978558607607022892929019","145536400559010198293713714013421274942","106411573731740925544123314267413544625","29138224618757718333167329212448690483"]},"target":{"file":"media/libstagefright/omx/SoftVideoDecoderOMXComponent.cpp"},"deprecated":false}],"spl":"2024-03-01","severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/av/+/80e0acc096d201e80a1b65af944b1e47c9dd6f7b"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-273935108.json"}}],"schema_version":"1.7.5"}