{"id":"ASB-A-283962802","details":"In visitUris of Notification.java, there is a possible way to display images from another user due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-283962802","CVE-2023-35668"],"modified":"2026-05-22T15:55:21.353668239Z","published":"2023-12-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-12-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/b7bd7df91740da680a5c3a84d8dd91b4ca6956dd"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14-next:0"},{"fixed":"14-next:2023-12-01"}]}],"versions":["14-next"],"ecosystem_specific":{"types":["ID"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/base/+/d770f706d943a7ff3095fb0d18b73cd2820e5f0b","digest":{"function_hash":"29203323297885384493659448925045519817","length":2639},"target":{"file":"core/java/android/app/Notification.java","function":"visitUris"},"deprecated":false,"signature_version":"v1","signature_type":"Function","id":"ASB-A-283962802-cb3b42fc"},{"digest":{"line_hashes":["171382021060146019994183810298757766274","209727135170950016619958327047086003845","222581126683593730429250548465234379834","182174804976035329774921094615038043771","303434344376307165755255759506123329699","96802014755626440041800288545893188987","243914122422970178253073277090849461956","106386172300797820375062882942015812786","275423800456750119830506244773551901606","38291429864868648221893071760536293121","63440471419771065461086291363062212153","202992266509600817457929899926101805783","90709302688690791459433359582740844527","189259289722399902992640661459053081761","110582045004914461110056641720439303365"],"threshold":0.9},"deprecated":false,"target":{"file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/d770f706d943a7ff3095fb0d18b73cd2820e5f0b","signature_version":"v1","signature_type":"Line","id":"ASB-A-283962802-d3192061"}],"spl":"2023-12-01","severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/d770f706d943a7ff3095fb0d18b73cd2820e5f0b"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-283962802.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-12-01"}]}],"versions":["11"],"ecosystem_specific":{"types":["ID"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/base/+/a6f44e911f2d7204cc28c710e54f97c96231abab","digest":{"function_hash":"88690414053046570452154742374956197705","length":2445},"target":{"file":"core/java/android/app/Notification.java","function":"visitUris"},"deprecated":false,"signature_version":"v1","signature_type":"Function","id":"ASB-A-283962802-722fe580"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/a6f44e911f2d7204cc28c710e54f97c96231abab","digest":{"threshold":0.9,"line_hashes":["11425810881900634527917672131491316607","209727135170950016619958327047086003845","222581126683593730429250548465234379834","182174804976035329774921094615038043771","303434344376307165755255759506123329699","96802014755626440041800288545893188987","243914122422970178253073277090849461956","106386172300797820375062882942015812786","275423800456750119830506244773551901606","38291429864868648221893071760536293121","63440471419771065461086291363062212153","202992266509600817457929899926101805783","90709302688690791459433359582740844527","189259289722399902992640661459053081761","110582045004914461110056641720439303365"]},"target":{"file":"core/java/android/app/Notification.java"},"deprecated":false,"signature_version":"v1","signature_type":"Line","id":"ASB-A-283962802-a8a9dd63"}],"spl":"2023-12-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/a6f44e911f2d7204cc28c710e54f97c96231abab"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-283962802.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-12-01"}]}],"versions":["12"],"ecosystem_specific":{"types":["ID"],"vanir_signatures":[{"digest":{"function_hash":"328630913936997539884917677266248587884","length":2768},"deprecated":false,"target":{"file":"core/java/android/app/Notification.java","function":"visitUris"},"source":"https://android.googlesource.com/platform/frameworks/base/+/3d36966ea2aeebc3501a69a8ef7afce5ef593cee","signature_version":"v1","signature_type":"Function","id":"ASB-A-283962802-725c912f"},{"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/3d36966ea2aeebc3501a69a8ef7afce5ef593cee","target":{"file":"core/java/android/app/Notification.java"},"signature_type":"Line","signature_version":"v1","digest":{"line_hashes":["171382021060146019994183810298757766274","209727135170950016619958327047086003845","222581126683593730429250548465234379834","182174804976035329774921094615038043771","303434344376307165755255759506123329699","96802014755626440041800288545893188987","243914122422970178253073277090849461956","106386172300797820375062882942015812786","275423800456750119830506244773551901606","38291429864868648221893071760536293121","63440471419771065461086291363062212153","202992266509600817457929899926101805783","90709302688690791459433359582740844527","189259289722399902992640661459053081761","110582045004914461110056641720439303365"],"threshold":0.9},"id":"ASB-A-283962802-de09fca3"}],"spl":"2023-12-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/3d36966ea2aeebc3501a69a8ef7afce5ef593cee"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-283962802.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-12-01"}]}],"versions":["12L"],"ecosystem_specific":{"types":["ID"],"vanir_signatures":[{"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/3d36966ea2aeebc3501a69a8ef7afce5ef593cee","target":{"file":"core/java/android/app/Notification.java"},"id":"ASB-A-283962802-481d01f5","signature_version":"v1","digest":{"line_hashes":["171382021060146019994183810298757766274","209727135170950016619958327047086003845","222581126683593730429250548465234379834","182174804976035329774921094615038043771","303434344376307165755255759506123329699","96802014755626440041800288545893188987","243914122422970178253073277090849461956","106386172300797820375062882942015812786","275423800456750119830506244773551901606","38291429864868648221893071760536293121","63440471419771065461086291363062212153","202992266509600817457929899926101805783","90709302688690791459433359582740844527","189259289722399902992640661459053081761","110582045004914461110056641720439303365"],"threshold":0.9},"signature_type":"Line"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/3d36966ea2aeebc3501a69a8ef7afce5ef593cee","digest":{"function_hash":"328630913936997539884917677266248587884","length":2768},"target":{"file":"core/java/android/app/Notification.java","function":"visitUris"},"deprecated":false,"signature_version":"v1","signature_type":"Function","id":"ASB-A-283962802-5e8e5700"}],"spl":"2023-12-01","severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/3d36966ea2aeebc3501a69a8ef7afce5ef593cee"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-283962802.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-12-01"}]}],"versions":["13"],"ecosystem_specific":{"types":["ID"],"vanir_signatures":[{"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/3d36966ea2aeebc3501a69a8ef7afce5ef593cee","target":{"file":"core/java/android/app/Notification.java"},"signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["171382021060146019994183810298757766274","209727135170950016619958327047086003845","222581126683593730429250548465234379834","182174804976035329774921094615038043771","303434344376307165755255759506123329699","96802014755626440041800288545893188987","243914122422970178253073277090849461956","106386172300797820375062882942015812786","275423800456750119830506244773551901606","38291429864868648221893071760536293121","63440471419771065461086291363062212153","202992266509600817457929899926101805783","90709302688690791459433359582740844527","189259289722399902992640661459053081761","110582045004914461110056641720439303365"]},"id":"ASB-A-283962802-2025cd56"},{"digest":{"function_hash":"328630913936997539884917677266248587884","length":2768},"deprecated":false,"target":{"file":"core/java/android/app/Notification.java","function":"visitUris"},"source":"https://android.googlesource.com/platform/frameworks/base/+/3d36966ea2aeebc3501a69a8ef7afce5ef593cee","signature_version":"v1","signature_type":"Function","id":"ASB-A-283962802-4b971e19"}],"spl":"2023-12-01","severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/3d36966ea2aeebc3501a69a8ef7afce5ef593cee"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-283962802.json"}}],"schema_version":"1.7.5"}