{"id":"PUB-A-232242894","details":"In parseTrackFragmentRun() of MPEG4Extractor.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-232242894","CVE-2022-20532"],"modified":"2026-05-29T15:55:33.750044621Z","published":"2023-03-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-03-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/av/+/e82db4a35f2add04c02e77ed64b792b7cf83439c"}],"affected":[{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-03-01"}]}],"versions":["13"],"ecosystem_specific":{"spl":"2023-03-01","types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/av/+/e82db4a35f2add04c02e77ed64b792b7cf83439c"],"vanir_signatures":[{"digest":{"function_hash":"127807282526333446866159422139198730569","length":4047},"source":"https://android.googlesource.com/platform/frameworks/av/+/e82db4a35f2add04c02e77ed64b792b7cf83439c","id":"PUB-A-232242894-444f7113","signature_version":"v1","deprecated":false,"signature_type":"Function","target":{"function":"MPEG4Source::parseTrackFragmentRun","file":"media/extractors/mp4/MPEG4Extractor.cpp"},"match_only_versions":["13"]},{"digest":{"line_hashes":["325844836326897270383080422735018543020","73401810789559447981798956006238883286","12759891089999616353336792172366923006","279799298292364456670156094507835013771","184722982371514552118383073780856464165","204703760152285472985004211706638569170","19591658010227154334555377247770601119","168725568348552673427077892459981238207","314082881965328384906077605988830301191","151753225027299211864105372382651624174","113520896784971631815839455958186090917","156435971898080903822942011022140136576"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/av/+/e82db4a35f2add04c02e77ed64b792b7cf83439c","id":"PUB-A-232242894-930f8862","signature_version":"v1","deprecated":false,"signature_type":"Line","target":{"file":"media/extractors/mp4/MPEG4Extractor.cpp"},"match_only_versions":["13"]}],"severity":"Moderate"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-232242894.json"}}],"schema_version":"1.7.5"}