{"id":"PUB-A-207502397","details":"In hme_add_new_node_to_a_sorted_array of hme_utils.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-207502397","CVE-2022-20209"],"modified":"2026-05-19T16:54:37.272608834Z","published":"2022-06-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-06-01"}],"affected":[{"package":{"name":"platform/external/libhevc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L-next:0"},{"fixed":"12L-next:2022-06-01"}]}],"versions":["12L-next"],"ecosystem_specific":{"vanir_signatures":[{"id":"PUB-A-207502397-169c54f6","deprecated":false,"digest":{"line_hashes":["200311761834761207013842496516504895832","205821215673933791358262966163237804410","35232106781502469851740610407617269117","309572296878527312542482307870102795986","100837719991404751869428707270934512736"],"threshold":0.9},"source":"https://android.googlesource.com/platform/external/libhevc/+/057f2f3aae4f60765c14deafe38ad75e93e85d34","target":{"file":"encoder/hme_refine.c"},"signature_version":"v1","signature_type":"Line","match_only_versions":["12L-next"]},{"id":"PUB-A-207502397-257d23cb","deprecated":false,"source":"https://android.googlesource.com/platform/external/libhevc/+/057f2f3aae4f60765c14deafe38ad75e93e85d34","digest":{"function_hash":"274971119024785641213910422059272943711","length":1885},"target":{"function":"hme_update_results_grid_pu_bestn_no_encode","file":"encoder/hme_err_compute.c"},"signature_version":"v1","signature_type":"Function","match_only_versions":["12L-next"]},{"deprecated":false,"id":"PUB-A-207502397-941d731a","digest":{"line_hashes":["190583638618767158118376652109193316367","293947317388124284679689045168532054059","71071465133159178968049211318770674272","239050269791631259492229995703013734738","297603948607307601594585060670195044605","85079740464727846026831739259238763388","6788755577231196781310376576761040506","97480469053091829584819581686862516112","311563938651849718513920976280125659400","36588089149487993081288585345827492860","195886725436034071441993635206693420124","18647124238232273838287847016842643470","323030537734665531285307103692374934177","214852066551497752013655974015209956449","263274371934276688612905206803632895899","66327453306526090034835403789450074902","41355602596882207735693532699587242402","127485505986590875850168855634295028999","321974066724409291426689570489960951664","63425222367259699717431377126733738983","27932856898961142916799941392190923167","202814289515973696655351134951393997638"],"threshold":0.9},"source":"https://android.googlesource.com/platform/external/libhevc/+/057f2f3aae4f60765c14deafe38ad75e93e85d34","target":{"file":"encoder/hme_err_compute.c"},"signature_version":"v1","signature_type":"Line","match_only_versions":["12L-next"]},{"id":"PUB-A-207502397-f58246b0","deprecated":false,"digest":{"function_hash":"198384453410942725806421092339066359548","length":4832},"source":"https://android.googlesource.com/platform/external/libhevc/+/057f2f3aae4f60765c14deafe38ad75e93e85d34","target":{"function":"hme_update_mv_bank_in_l1_me","file":"encoder/hme_refine.c"},"signature_version":"v1","signature_type":"Function","match_only_versions":["12L-next"]}],"types":["ID"],"fixes":["https://android.googlesource.com/platform/external/libhevc/+/057f2f3aae4f60765c14deafe38ad75e93e85d34"],"severity":"Moderate","spl":"2022-06-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-207502397.json"}},{"package":{"name":"platform/external/libhevc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2022-06-01"}]}],"versions":["12L"],"ecosystem_specific":{"vanir_signatures":[{"id":"PUB-A-207502397-8b1175bc","deprecated":false,"source":"https://android.googlesource.com/platform/external/libhevc/+/2db516cc99d47f1e5f4444d87859dd5583a4a802","digest":{"line_hashes":["190583638618767158118376652109193316367","293947317388124284679689045168532054059","71071465133159178968049211318770674272","239050269791631259492229995703013734738","297603948607307601594585060670195044605","85079740464727846026831739259238763388","6788755577231196781310376576761040506","97480469053091829584819581686862516112","311563938651849718513920976280125659400","36588089149487993081288585345827492860","195886725436034071441993635206693420124","18647124238232273838287847016842643470","323030537734665531285307103692374934177","214852066551497752013655974015209956449","263274371934276688612905206803632895899","66327453306526090034835403789450074902","41355602596882207735693532699587242402","127485505986590875850168855634295028999","321974066724409291426689570489960951664","63425222367259699717431377126733738983","27932856898961142916799941392190923167","202814289515973696655351134951393997638"],"threshold":0.9},"target":{"file":"encoder/hme_err_compute.c"},"signature_version":"v1","signature_type":"Line","match_only_versions":["12L"]},{"id":"PUB-A-207502397-d4b26613","deprecated":false,"digest":{"function_hash":"274971119024785641213910422059272943711","length":1885},"source":"https://android.googlesource.com/platform/external/libhevc/+/2db516cc99d47f1e5f4444d87859dd5583a4a802","target":{"function":"hme_update_results_grid_pu_bestn_no_encode","file":"encoder/hme_err_compute.c"},"signature_version":"v1","signature_type":"Function","match_only_versions":["12L"]},{"id":"PUB-A-207502397-d7b853c3","deprecated":false,"digest":{"line_hashes":["200311761834761207013842496516504895832","205821215673933791358262966163237804410","35232106781502469851740610407617269117","309572296878527312542482307870102795986","100837719991404751869428707270934512736"],"threshold":0.9},"source":"https://android.googlesource.com/platform/external/libhevc/+/2db516cc99d47f1e5f4444d87859dd5583a4a802","target":{"file":"encoder/hme_refine.c"},"signature_version":"v1","signature_type":"Line","match_only_versions":["12L"]},{"id":"PUB-A-207502397-de7a341c","deprecated":false,"digest":{"function_hash":"198384453410942725806421092339066359548","length":4832},"source":"https://android.googlesource.com/platform/external/libhevc/+/2db516cc99d47f1e5f4444d87859dd5583a4a802","target":{"function":"hme_update_mv_bank_in_l1_me","file":"encoder/hme_refine.c"},"signature_version":"v1","signature_type":"Function","match_only_versions":["12L"]}],"types":["ID"],"fixes":["https://android.googlesource.com/platform/external/libhevc/+/2db516cc99d47f1e5f4444d87859dd5583a4a802"],"severity":"Moderate","spl":"2022-06-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-207502397.json"}}],"schema_version":"1.7.5"}