{"id":"ASB-A-275418191","details":"In readSampleData of NuMediaExtractor.cpp, there is a possible out of bounds write due to uninitialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.","aliases":["A-275418191","CVE-2023-21127"],"modified":"2026-05-22T15:55:21.353668239Z","published":"2023-06-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-06-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/av/+/ff06107de18166f1d97baddabfe23a608ef35ceb"}],"affected":[{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2023-06-01"}]}],"versions":["13-next"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/943fc12219b21d2a98f0ddc070b9b316a6f5d412"],"vanir_signatures":[{"deprecated":false,"target":{"function":"NuMediaExtractor::appendVorbisNumPageSamples","file":"media/libstagefright/NuMediaExtractor.cpp"},"signature_type":"Function","signature_version":"v1","id":"ASB-A-275418191-ad6cb47a","digest":{"length":1208,"function_hash":"256305904202997360665992662178442636647"},"source":"https://android.googlesource.com/platform/frameworks/av/+/943fc12219b21d2a98f0ddc070b9b316a6f5d412"},{"id":"ASB-A-275418191-d2873602","digest":{"length":799,"function_hash":"187534784423043132727814070735583040318"},"target":{"function":"NuMediaExtractor::readSampleData","file":"media/libstagefright/NuMediaExtractor.cpp"},"deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/av/+/943fc12219b21d2a98f0ddc070b9b316a6f5d412"},{"id":"ASB-A-275418191-ee320fb9","digest":{"threshold":0.9,"line_hashes":["283217741136541281662020523354178829598","185546205597131107083701168944001137751","175932367583564604799062484674933857763","137845207249137899784704001335788762489","298198521707984461963266084020664636486","161637793484050339150122244137750521431","23407221044265165971680590599441091402","185968861969003845347730508463039992433","62256047970286530211870936170771590070","38039659121007000054133227695071658555","4716636295578313303102259672829176470","237662365700516168864270773840182596068","318143005539248426702385773713687341284","207781726756524367263454835582474334957","230291368270224380033698909882736336239","159010559817431969426902154839361420510","24542478645988523278336721448569127612","120504561171381327933606515652055322692","315201648281665755375307479475525822987","53278902239985992418014447409454208907","178356102237246945926629792767744911517","184561256215240336210796048022941283157","260858617001690435747135531195032942371","199957772064564005832259788587295138457","328681620858005784177964507345755534711","311465027644127185633929173203381653564"]},"target":{"file":"media/libstagefright/NuMediaExtractor.cpp"},"deprecated":false,"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/av/+/943fc12219b21d2a98f0ddc070b9b316a6f5d412"}],"severity":"Critical","types":["RCE"],"spl":"2023-06-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-275418191.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-06-01"}]}],"versions":["11"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/84c69bca81175feb2fd97ebb22e432ee41572786"],"vanir_signatures":[{"target":{"file":"media/libstagefright/NuMediaExtractor.cpp"},"signature_type":"Line","id":"ASB-A-275418191-0eb0b30e","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["283217741136541281662020523354178829598","185546205597131107083701168944001137751","175932367583564604799062484674933857763","137845207249137899784704001335788762489","298198521707984461963266084020664636486","161637793484050339150122244137750521431","23407221044265165971680590599441091402","185968861969003845347730508463039992433","62256047970286530211870936170771590070","38039659121007000054133227695071658555","4716636295578313303102259672829176470","237662365700516168864270773840182596068","318143005539248426702385773713687341284","207781726756524367263454835582474334957","230291368270224380033698909882736336239","159010559817431969426902154839361420510","24542478645988523278336721448569127612","120504561171381327933606515652055322692","315201648281665755375307479475525822987","53278902239985992418014447409454208907","178356102237246945926629792767744911517","184561256215240336210796048022941283157","260858617001690435747135531195032942371","199957772064564005832259788587295138457","328681620858005784177964507345755534711","311465027644127185633929173203381653564"]},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/av/+/84c69bca81175feb2fd97ebb22e432ee41572786"},{"target":{"function":"NuMediaExtractor::appendVorbisNumPageSamples","file":"media/libstagefright/NuMediaExtractor.cpp"},"signature_type":"Function","id":"ASB-A-275418191-d54bcb11","signature_version":"v1","digest":{"length":1208,"function_hash":"256305904202997360665992662178442636647"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/av/+/84c69bca81175feb2fd97ebb22e432ee41572786"},{"id":"ASB-A-275418191-fb0e251d","digest":{"length":799,"function_hash":"187534784423043132727814070735583040318"},"target":{"function":"NuMediaExtractor::readSampleData","file":"media/libstagefright/NuMediaExtractor.cpp"},"deprecated":false,"signature_type":"Function","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/av/+/84c69bca81175feb2fd97ebb22e432ee41572786"}],"severity":"Critical","types":["RCE"],"spl":"2023-06-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-275418191.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-06-01"}]}],"versions":["12"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/84c69bca81175feb2fd97ebb22e432ee41572786"],"vanir_signatures":[{"id":"ASB-A-275418191-42eb24ac","digest":{"length":799,"function_hash":"187534784423043132727814070735583040318"},"target":{"function":"NuMediaExtractor::readSampleData","file":"media/libstagefright/NuMediaExtractor.cpp"},"deprecated":false,"signature_type":"Function","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/av/+/84c69bca81175feb2fd97ebb22e432ee41572786"},{"signature_type":"Function","id":"ASB-A-275418191-92bb2c77","digest":{"length":1208,"function_hash":"256305904202997360665992662178442636647"},"deprecated":false,"target":{"function":"NuMediaExtractor::appendVorbisNumPageSamples","file":"media/libstagefright/NuMediaExtractor.cpp"},"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/av/+/84c69bca81175feb2fd97ebb22e432ee41572786"},{"signature_type":"Line","id":"ASB-A-275418191-ee6c4a05","digest":{"threshold":0.9,"line_hashes":["283217741136541281662020523354178829598","185546205597131107083701168944001137751","175932367583564604799062484674933857763","137845207249137899784704001335788762489","298198521707984461963266084020664636486","161637793484050339150122244137750521431","23407221044265165971680590599441091402","185968861969003845347730508463039992433","62256047970286530211870936170771590070","38039659121007000054133227695071658555","4716636295578313303102259672829176470","237662365700516168864270773840182596068","318143005539248426702385773713687341284","207781726756524367263454835582474334957","230291368270224380033698909882736336239","159010559817431969426902154839361420510","24542478645988523278336721448569127612","120504561171381327933606515652055322692","315201648281665755375307479475525822987","53278902239985992418014447409454208907","178356102237246945926629792767744911517","184561256215240336210796048022941283157","260858617001690435747135531195032942371","199957772064564005832259788587295138457","328681620858005784177964507345755534711","311465027644127185633929173203381653564"]},"deprecated":false,"target":{"file":"media/libstagefright/NuMediaExtractor.cpp"},"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/av/+/84c69bca81175feb2fd97ebb22e432ee41572786"}],"severity":"Critical","types":["RCE"],"spl":"2023-06-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-275418191.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-06-01"}]}],"versions":["12L"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/84c69bca81175feb2fd97ebb22e432ee41572786"],"vanir_signatures":[{"deprecated":false,"target":{"file":"media/libstagefright/NuMediaExtractor.cpp"},"signature_type":"Line","signature_version":"v1","id":"ASB-A-275418191-2eca2cb5","digest":{"threshold":0.9,"line_hashes":["283217741136541281662020523354178829598","185546205597131107083701168944001137751","175932367583564604799062484674933857763","137845207249137899784704001335788762489","298198521707984461963266084020664636486","161637793484050339150122244137750521431","23407221044265165971680590599441091402","185968861969003845347730508463039992433","62256047970286530211870936170771590070","38039659121007000054133227695071658555","4716636295578313303102259672829176470","237662365700516168864270773840182596068","318143005539248426702385773713687341284","207781726756524367263454835582474334957","230291368270224380033698909882736336239","159010559817431969426902154839361420510","24542478645988523278336721448569127612","120504561171381327933606515652055322692","315201648281665755375307479475525822987","53278902239985992418014447409454208907","178356102237246945926629792767744911517","184561256215240336210796048022941283157","260858617001690435747135531195032942371","199957772064564005832259788587295138457","328681620858005784177964507345755534711","311465027644127185633929173203381653564"]},"source":"https://android.googlesource.com/platform/frameworks/av/+/84c69bca81175feb2fd97ebb22e432ee41572786"},{"id":"ASB-A-275418191-a7f17e19","digest":{"length":1208,"function_hash":"256305904202997360665992662178442636647"},"target":{"function":"NuMediaExtractor::appendVorbisNumPageSamples","file":"media/libstagefright/NuMediaExtractor.cpp"},"deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/av/+/84c69bca81175feb2fd97ebb22e432ee41572786"},{"signature_type":"Function","id":"ASB-A-275418191-fc382e65","digest":{"length":799,"function_hash":"187534784423043132727814070735583040318"},"deprecated":false,"target":{"function":"NuMediaExtractor::readSampleData","file":"media/libstagefright/NuMediaExtractor.cpp"},"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/av/+/84c69bca81175feb2fd97ebb22e432ee41572786"}],"severity":"Critical","types":["RCE"],"spl":"2023-06-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-275418191.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-06-01"}]}],"versions":["13"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/84c69bca81175feb2fd97ebb22e432ee41572786"],"vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["283217741136541281662020523354178829598","185546205597131107083701168944001137751","175932367583564604799062484674933857763","137845207249137899784704001335788762489","298198521707984461963266084020664636486","161637793484050339150122244137750521431","23407221044265165971680590599441091402","185968861969003845347730508463039992433","62256047970286530211870936170771590070","38039659121007000054133227695071658555","4716636295578313303102259672829176470","237662365700516168864270773840182596068","318143005539248426702385773713687341284","207781726756524367263454835582474334957","230291368270224380033698909882736336239","159010559817431969426902154839361420510","24542478645988523278336721448569127612","120504561171381327933606515652055322692","315201648281665755375307479475525822987","53278902239985992418014447409454208907","178356102237246945926629792767744911517","184561256215240336210796048022941283157","260858617001690435747135531195032942371","199957772064564005832259788587295138457","328681620858005784177964507345755534711","311465027644127185633929173203381653564"]},"deprecated":false,"target":{"file":"media/libstagefright/NuMediaExtractor.cpp"},"signature_version":"v1","signature_type":"Line","id":"ASB-A-275418191-119bb86c","source":"https://android.googlesource.com/platform/frameworks/av/+/84c69bca81175feb2fd97ebb22e432ee41572786"},{"signature_type":"Function","id":"ASB-A-275418191-11a20f9b","digest":{"length":799,"function_hash":"187534784423043132727814070735583040318"},"signature_version":"v1","deprecated":false,"target":{"function":"NuMediaExtractor::readSampleData","file":"media/libstagefright/NuMediaExtractor.cpp"},"source":"https://android.googlesource.com/platform/frameworks/av/+/84c69bca81175feb2fd97ebb22e432ee41572786"},{"signature_type":"Function","id":"ASB-A-275418191-c374bc8c","digest":{"length":1208,"function_hash":"256305904202997360665992662178442636647"},"signature_version":"v1","deprecated":false,"target":{"function":"NuMediaExtractor::appendVorbisNumPageSamples","file":"media/libstagefright/NuMediaExtractor.cpp"},"source":"https://android.googlesource.com/platform/frameworks/av/+/84c69bca81175feb2fd97ebb22e432ee41572786"}],"severity":"Critical","types":["RCE"],"spl":"2023-06-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-275418191.json"}}],"schema_version":"1.7.5"}