{"id":"ASB-A-300476626","details":"In convertYUV420Planar16ToY410 of ColorConverter.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-300476626","CVE-2024-0018"],"modified":"2026-04-21T15:25:42.831358Z","published":"2024-01-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2024-01-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/av/+/bf6406041919f67219fd1829438dda28845d4c23"}],"affected":[{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14-next:0"},{"fixed":"14-next:2024-01-01"}]}],"versions":["14-next"],"ecosystem_specific":{"severity":"High","types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/av/+/de2ad0fad97d6d97d1e01f0e8d8309536eb268b4"],"spl":"2024-01-01","vanir_signatures":[{"deprecated":false,"target":{"function":"ColorConverter::convertYUV420Planar16ToY410","file":"media/libstagefright/colorconversion/ColorConverter.cpp"},"id":"ASB-A-300476626-a6c400d2","source":"https://android.googlesource.com/platform/frameworks/av/+/de2ad0fad97d6d97d1e01f0e8d8309536eb268b4","signature_type":"Function","signature_version":"v1","digest":{"length":2217,"function_hash":"310341208956179683334654377453475759995"}},{"deprecated":false,"target":{"file":"media/libstagefright/colorconversion/ColorConverter.cpp"},"id":"ASB-A-300476626-f5a6ac55","source":"https://android.googlesource.com/platform/frameworks/av/+/de2ad0fad97d6d97d1e01f0e8d8309536eb268b4","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["237642773140770629223374241640798591635","163457611276205963244446981627721032515","74910921736916105675720479610668199226","270923727061087968670322124290773998805"]}}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-300476626.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2024-01-01"}]}],"versions":["11"],"ecosystem_specific":{"severity":"High","types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/av/+/aa8298ec8eb903e1e3dd915fa24f32e1aea1f76c"],"spl":"2024-01-01","vanir_signatures":[{"deprecated":false,"target":{"file":"media/libstagefright/colorconversion/ColorConverter.cpp"},"id":"ASB-A-300476626-2fa9ba6e","source":"https://android.googlesource.com/platform/frameworks/av/+/aa8298ec8eb903e1e3dd915fa24f32e1aea1f76c","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["237642773140770629223374241640798591635","163457611276205963244446981627721032515","74910921736916105675720479610668199226","270923727061087968670322124290773998805"]}},{"deprecated":false,"target":{"function":"ColorConverter::convertYUV420Planar16ToY410","file":"media/libstagefright/colorconversion/ColorConverter.cpp"},"id":"ASB-A-300476626-acfcebc1","source":"https://android.googlesource.com/platform/frameworks/av/+/aa8298ec8eb903e1e3dd915fa24f32e1aea1f76c","signature_type":"Function","signature_version":"v1","digest":{"length":2217,"function_hash":"310341208956179683334654377453475759995"}}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-300476626.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2024-01-01"}]}],"versions":["12"],"ecosystem_specific":{"severity":"High","types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/av/+/aa8298ec8eb903e1e3dd915fa24f32e1aea1f76c"],"spl":"2024-01-01","vanir_signatures":[{"deprecated":false,"target":{"function":"ColorConverter::convertYUV420Planar16ToY410","file":"media/libstagefright/colorconversion/ColorConverter.cpp"},"id":"ASB-A-300476626-58c836e3","source":"https://android.googlesource.com/platform/frameworks/av/+/aa8298ec8eb903e1e3dd915fa24f32e1aea1f76c","signature_type":"Function","signature_version":"v1","digest":{"length":2217,"function_hash":"310341208956179683334654377453475759995"}},{"deprecated":false,"target":{"file":"media/libstagefright/colorconversion/ColorConverter.cpp"},"id":"ASB-A-300476626-5ac49bf9","source":"https://android.googlesource.com/platform/frameworks/av/+/aa8298ec8eb903e1e3dd915fa24f32e1aea1f76c","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["237642773140770629223374241640798591635","163457611276205963244446981627721032515","74910921736916105675720479610668199226","270923727061087968670322124290773998805"]}}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-300476626.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2024-01-01"}]}],"versions":["12L"],"ecosystem_specific":{"severity":"High","types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/av/+/aa8298ec8eb903e1e3dd915fa24f32e1aea1f76c"],"spl":"2024-01-01","vanir_signatures":[{"deprecated":false,"target":{"function":"ColorConverter::convertYUV420Planar16ToY410","file":"media/libstagefright/colorconversion/ColorConverter.cpp"},"id":"ASB-A-300476626-4dc6befc","source":"https://android.googlesource.com/platform/frameworks/av/+/aa8298ec8eb903e1e3dd915fa24f32e1aea1f76c","signature_type":"Function","signature_version":"v1","digest":{"length":2217,"function_hash":"310341208956179683334654377453475759995"}},{"deprecated":false,"target":{"file":"media/libstagefright/colorconversion/ColorConverter.cpp"},"id":"ASB-A-300476626-cf2ff474","source":"https://android.googlesource.com/platform/frameworks/av/+/aa8298ec8eb903e1e3dd915fa24f32e1aea1f76c","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["237642773140770629223374241640798591635","163457611276205963244446981627721032515","74910921736916105675720479610668199226","270923727061087968670322124290773998805"]}}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-300476626.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2024-01-01"}]}],"versions":["13"],"ecosystem_specific":{"severity":"High","types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/av/+/aa8298ec8eb903e1e3dd915fa24f32e1aea1f76c"],"spl":"2024-01-01","vanir_signatures":[{"deprecated":false,"target":{"function":"ColorConverter::convertYUV420Planar16ToY410","file":"media/libstagefright/colorconversion/ColorConverter.cpp"},"id":"ASB-A-300476626-6e28939b","source":"https://android.googlesource.com/platform/frameworks/av/+/aa8298ec8eb903e1e3dd915fa24f32e1aea1f76c","signature_type":"Function","signature_version":"v1","digest":{"length":2217,"function_hash":"310341208956179683334654377453475759995"}},{"deprecated":false,"target":{"file":"media/libstagefright/colorconversion/ColorConverter.cpp"},"id":"ASB-A-300476626-ac7c9d10","source":"https://android.googlesource.com/platform/frameworks/av/+/aa8298ec8eb903e1e3dd915fa24f32e1aea1f76c","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["237642773140770629223374241640798591635","163457611276205963244446981627721032515","74910921736916105675720479610668199226","270923727061087968670322124290773998805"]}}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-300476626.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2024-01-01"}]}],"versions":["14"],"ecosystem_specific":{"severity":"High","types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/av/+/aa8298ec8eb903e1e3dd915fa24f32e1aea1f76c"],"spl":"2024-01-01","vanir_signatures":[{"deprecated":false,"target":{"function":"ColorConverter::convertYUV420Planar16ToY410","file":"media/libstagefright/colorconversion/ColorConverter.cpp"},"id":"ASB-A-300476626-2fd62a53","source":"https://android.googlesource.com/platform/frameworks/av/+/aa8298ec8eb903e1e3dd915fa24f32e1aea1f76c","signature_type":"Function","signature_version":"v1","digest":{"length":2217,"function_hash":"310341208956179683334654377453475759995"}},{"deprecated":false,"target":{"file":"media/libstagefright/colorconversion/ColorConverter.cpp"},"id":"ASB-A-300476626-69905d61","source":"https://android.googlesource.com/platform/frameworks/av/+/aa8298ec8eb903e1e3dd915fa24f32e1aea1f76c","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["237642773140770629223374241640798591635","163457611276205963244446981627721032515","74910921736916105675720479610668199226","270923727061087968670322124290773998805"]}}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-300476626.json"}}],"schema_version":"1.7.5"}