{"id":"ASB-A-329641908","details":"In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-329641908","CVE-2024-40658"],"modified":"2026-04-07T15:34:34.465012Z","published":"2024-09-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2024-09-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/av/+/6d23fa05a40e5462d4b9bad28afa932e6e12a4f3"}],"affected":[{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15-next:0"},{"fixed":"15-next:2024-09-01"}]}],"versions":["15-next"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/53298956ba6bb8f147a632d7aaed8566dfc203ee"],"severity":"High","vanir_signatures":[{"id":"ASB-A-329641908-93b85f5b","source":"https://android.googlesource.com/platform/frameworks/av/+/53298956ba6bb8f147a632d7aaed8566dfc203ee","signature_type":"Function","target":{"function":"SoftVideoDecoderOMXComponent::getConfig","file":"media/libstagefright/omx/SoftVideoDecoderOMXComponent.cpp"},"signature_version":"v1","deprecated":false,"digest":{"length":1836,"function_hash":"270907061862744315091167887695626519942"}},{"id":"ASB-A-329641908-ee438024","source":"https://android.googlesource.com/platform/frameworks/av/+/53298956ba6bb8f147a632d7aaed8566dfc203ee","signature_type":"Line","target":{"file":"media/libstagefright/omx/SoftVideoDecoderOMXComponent.cpp"},"signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["323840415345152352608431062819861833872","291742421858830832420113385530445475501","220311751295838541376304184315980191218","285456336744440996357481798234586458990"]}}],"spl":"2024-09-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-329641908.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2024-09-01"}]}],"versions":["12"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/f816148a719d2a3bbf432f11da98b3d5fa7de74f"],"severity":"High","vanir_signatures":[{"id":"ASB-A-329641908-607c3ede","source":"https://android.googlesource.com/platform/frameworks/av/+/f816148a719d2a3bbf432f11da98b3d5fa7de74f","signature_type":"Function","target":{"function":"SoftVideoDecoderOMXComponent::getConfig","file":"media/libstagefright/omx/SoftVideoDecoderOMXComponent.cpp"},"signature_version":"v1","deprecated":false,"digest":{"length":1836,"function_hash":"270907061862744315091167887695626519942"}},{"id":"ASB-A-329641908-6c9ead8c","source":"https://android.googlesource.com/platform/frameworks/av/+/f816148a719d2a3bbf432f11da98b3d5fa7de74f","signature_type":"Line","target":{"file":"media/libstagefright/omx/SoftVideoDecoderOMXComponent.cpp"},"signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["323840415345152352608431062819861833872","291742421858830832420113385530445475501","220311751295838541376304184315980191218","285456336744440996357481798234586458990"]}}],"spl":"2024-09-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-329641908.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2024-09-01"}]}],"versions":["12L"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/f816148a719d2a3bbf432f11da98b3d5fa7de74f"],"severity":"High","vanir_signatures":[{"id":"ASB-A-329641908-4745dab8","source":"https://android.googlesource.com/platform/frameworks/av/+/f816148a719d2a3bbf432f11da98b3d5fa7de74f","signature_type":"Line","target":{"file":"media/libstagefright/omx/SoftVideoDecoderOMXComponent.cpp"},"signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["323840415345152352608431062819861833872","291742421858830832420113385530445475501","220311751295838541376304184315980191218","285456336744440996357481798234586458990"]}},{"id":"ASB-A-329641908-bd61418f","source":"https://android.googlesource.com/platform/frameworks/av/+/f816148a719d2a3bbf432f11da98b3d5fa7de74f","signature_type":"Function","target":{"function":"SoftVideoDecoderOMXComponent::getConfig","file":"media/libstagefright/omx/SoftVideoDecoderOMXComponent.cpp"},"signature_version":"v1","deprecated":false,"digest":{"length":1836,"function_hash":"270907061862744315091167887695626519942"}}],"spl":"2024-09-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-329641908.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2024-09-01"}]}],"versions":["13"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/f816148a719d2a3bbf432f11da98b3d5fa7de74f"],"severity":"High","vanir_signatures":[{"id":"ASB-A-329641908-2c58ae46","source":"https://android.googlesource.com/platform/frameworks/av/+/f816148a719d2a3bbf432f11da98b3d5fa7de74f","signature_type":"Function","target":{"function":"SoftVideoDecoderOMXComponent::getConfig","file":"media/libstagefright/omx/SoftVideoDecoderOMXComponent.cpp"},"signature_version":"v1","deprecated":false,"digest":{"length":1836,"function_hash":"270907061862744315091167887695626519942"}},{"id":"ASB-A-329641908-822c0d49","source":"https://android.googlesource.com/platform/frameworks/av/+/f816148a719d2a3bbf432f11da98b3d5fa7de74f","signature_type":"Line","target":{"file":"media/libstagefright/omx/SoftVideoDecoderOMXComponent.cpp"},"signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["323840415345152352608431062819861833872","291742421858830832420113385530445475501","220311751295838541376304184315980191218","285456336744440996357481798234586458990"]}}],"spl":"2024-09-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-329641908.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2024-09-01"}]}],"versions":["14"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/f816148a719d2a3bbf432f11da98b3d5fa7de74f"],"severity":"High","vanir_signatures":[{"id":"ASB-A-329641908-1eb1c569","source":"https://android.googlesource.com/platform/frameworks/av/+/f816148a719d2a3bbf432f11da98b3d5fa7de74f","signature_type":"Line","target":{"file":"media/libstagefright/omx/SoftVideoDecoderOMXComponent.cpp"},"signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["323840415345152352608431062819861833872","291742421858830832420113385530445475501","220311751295838541376304184315980191218","285456336744440996357481798234586458990"]}},{"id":"ASB-A-329641908-b328fbb4","source":"https://android.googlesource.com/platform/frameworks/av/+/f816148a719d2a3bbf432f11da98b3d5fa7de74f","signature_type":"Function","target":{"function":"SoftVideoDecoderOMXComponent::getConfig","file":"media/libstagefright/omx/SoftVideoDecoderOMXComponent.cpp"},"signature_version":"v1","deprecated":false,"digest":{"length":1836,"function_hash":"270907061862744315091167887695626519942"}}],"spl":"2024-09-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-329641908.json"}}],"schema_version":"1.7.5"}