{"id":"PUB-A-173473906","details":"In fillMainDataBuf of pvmp3_framedecoder.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.","aliases":["A-173473906","CVE-2021-0558"],"modified":"2026-05-26T15:46:26.044149249Z","published":"2021-06-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2021-06-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/av/+/b82dca76225fa11cf782127e4bcccd1fdf5fad17"}],"affected":[{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2021-06-01"}]}],"versions":["11"],"ecosystem_specific":{"severity":"Moderate","spl":"2021-06-01","types":["ID"],"vanir_signatures":[{"signature_version":"v1","target":{"file":"media/libstagefright/codecs/mp3dec/src/pvmp3_framedecoder.cpp"},"signature_type":"Line","id":"PUB-A-173473906-a8a75f47","digest":{"threshold":0.9,"line_hashes":["293797302228071633464526393653512212358","194408749592349630679277926751866505811","265216304529935388184389236603210923382","99891634823715483501898592333318890353","151670970261351436810416605515688262733","134702225329079229238339115777875359804","279460579511376967790585316174588197029","262680279748910785327260243555723466201","256449929897296075472208456890390018417","74914808464419985033693289305175865305","242652940077587176677110769447789862646","125296010726038879862062066713083226813","93140174556828749213919550582027907677","304874117891085880207039148465534010172","302428685006639890990796215503149761785","189030640590743404890054361091078431209","46207336480574915503612845485509415929","17044964744115648040156747980697241444","92082536629168664549167920208548419220","36793552561398743819051664877114457512","169298477066617655296210649508686288587","119142169220347366342828057813996981868","33351768027277512992257872736510737048","257186600609174655438253770054808097958","249186156668277998137571686618648117958"]},"source":"https://android.googlesource.com/platform/frameworks/av/+/b82dca76225fa11cf782127e4bcccd1fdf5fad17","deprecated":false},{"signature_version":"v1","target":{"file":"media/libstagefright/codecs/mp3dec/src/pvmp3_framedecoder.cpp","function":"fillMainDataBuf"},"signature_type":"Function","id":"PUB-A-173473906-b4dddc5a","digest":{"function_hash":"249533559069113622062965814695487421542","length":1305},"source":"https://android.googlesource.com/platform/frameworks/av/+/b82dca76225fa11cf782127e4bcccd1fdf5fad17","deprecated":false}],"fixes":["https://android.googlesource.com/platform/frameworks/av/+/b82dca76225fa11cf782127e4bcccd1fdf5fad17"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-173473906.json"}}],"schema_version":"1.7.5"}