ASB-A-301470262
See a problem?- Import Source
- https://storage.googleapis.com/android-osv-test/ASB-A-301470262.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/ASB-A-301470262
- Aliases
-
- A-301470262
- CVE-2025-26455
- Published
- 2025-06-01T00:00:00Z
- Modified
- 2025-08-07T04:57:14.026746Z
- Summary
- [none]
- Details
-
In multiple functions of NdkMediaCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/av
Package
Ecosystem specific
{
"spl": "2025-06-01",
"vanir_signatures": [
{
"id": "ASB-A-301470262-2661c3b9",
"signature_type": "Function",
"source": "https://googleplex-android.googlesource.com/platform/frameworks/av/+/d69fe7b73a0ed14c2b5bc237f1a42314140c9458",
"target": {
"file": "media/ndk/NdkMediaCodec.cpp",
"function": "AMediaCodec_getOutputBuffer"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 715.0,
"function_hash": "98694987338145071947296608874201862107"
}
},
{
"id": "ASB-A-301470262-4b7c555d",
"signature_type": "Function",
"source": "https://googleplex-android.googlesource.com/platform/frameworks/av/+/d69fe7b73a0ed14c2b5bc237f1a42314140c9458",
"target": {
"file": "media/ndk/NdkMediaCodec.cpp",
"function": "AMediaCodec_getInputBuffer"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 811.0,
"function_hash": "305793044022599432944075141835477326463"
}
},
{
"id": "ASB-A-301470262-e02d2d57",
"signature_type": "Line",
"source": "https://googleplex-android.googlesource.com/platform/frameworks/av/+/d69fe7b73a0ed14c2b5bc237f1a42314140c9458",
"target": {
"file": "media/ndk/NdkMediaCodec.cpp"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"71600360415418129174559212431824992477",
"76563954033470350988805698783571700052",
"226404815339819498657362227062984340364",
"327188650271913730232397723474300298690",
"94965926434051169257640214182215033121",
"337426919657139814683692752285689876091",
"44838245825590593655464951426693163600",
"88608768875686165973028908612579388024",
"155203362141733110879560540315643344056",
"7124372441177190717609079404781532088",
"270757280497983356755606498210015147891",
"71600360415418129174559212431824992477",
"76563954033470350988805698783571700052",
"36960143002159883296876170264643606198",
"254656710729864865729537234410561843857",
"94965926434051169257640214182215033121",
"337426919657139814683692752285689876091",
"169953714638657631881455144958345453661",
"284481401333772062076841903110157569174",
"44113216220255611064517012692770715403",
"315864493507467516835953944719729196448"
],
"threshold": 0.9
}
},
{
"id": "ASB-A-301470262-e443f23f",
"signature_type": "Function",
"source": "https://googleplex-android.googlesource.com/platform/frameworks/av/+/d69fe7b73a0ed14c2b5bc237f1a42314140c9458",
"target": {
"file": "media/ndk/NdkMediaCodec.cpp",
"function": "AMediaCodec_dequeueOutputBuffer"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 648.0,
"function_hash": "131535608617307715521765791811359423310"
}
}
],
"types": [
"EoP"
],
"severity": "High",
"fixes": [
"https://googleplex-android.googlesource.com/platform/frameworks/av/+/d69fe7b73a0ed14c2b5bc237f1a42314140c9458"
]
}
Android / platform/frameworks/av
Package
Ecosystem specific
{
"spl": "2025-06-01",
"vanir_signatures": [
{
"id": "ASB-A-301470262-3851dc88",
"signature_type": "Function",
"source": "https://googleplex-android.googlesource.com/platform/frameworks/av/+/20cca3672f4fbcef3e8dd0cc1a46f585a576ab3c",
"target": {
"file": "media/ndk/NdkMediaCodec.cpp",
"function": "AMediaCodec_getOutputBuffer"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 715.0,
"function_hash": "98694987338145071947296608874201862107"
}
},
{
"id": "ASB-A-301470262-45208d75",
"signature_type": "Line",
"source": "https://googleplex-android.googlesource.com/platform/frameworks/av/+/20cca3672f4fbcef3e8dd0cc1a46f585a576ab3c",
"target": {
"file": "media/ndk/NdkMediaCodec.cpp"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"71600360415418129174559212431824992477",
"76563954033470350988805698783571700052",
"226404815339819498657362227062984340364",
"327188650271913730232397723474300298690",
"94965926434051169257640214182215033121",
"337426919657139814683692752285689876091",
"44838245825590593655464951426693163600",
"88608768875686165973028908612579388024",
"155203362141733110879560540315643344056",
"7124372441177190717609079404781532088",
"270757280497983356755606498210015147891",
"71600360415418129174559212431824992477",
"76563954033470350988805698783571700052",
"36960143002159883296876170264643606198",
"254656710729864865729537234410561843857",
"94965926434051169257640214182215033121",
"337426919657139814683692752285689876091",
"169953714638657631881455144958345453661",
"284481401333772062076841903110157569174",
"44113216220255611064517012692770715403",
"315864493507467516835953944719729196448"
],
"threshold": 0.9
}
},
{
"id": "ASB-A-301470262-a7c284dc",
"signature_type": "Function",
"source": "https://googleplex-android.googlesource.com/platform/frameworks/av/+/20cca3672f4fbcef3e8dd0cc1a46f585a576ab3c",
"target": {
"file": "media/ndk/NdkMediaCodec.cpp",
"function": "AMediaCodec_dequeueOutputBuffer"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 648.0,
"function_hash": "131535608617307715521765791811359423310"
}
},
{
"id": "ASB-A-301470262-ca694dc4",
"signature_type": "Function",
"source": "https://googleplex-android.googlesource.com/platform/frameworks/av/+/20cca3672f4fbcef3e8dd0cc1a46f585a576ab3c",
"target": {
"file": "media/ndk/NdkMediaCodec.cpp",
"function": "AMediaCodec_getInputBuffer"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 811.0,
"function_hash": "305793044022599432944075141835477326463"
}
}
],
"types": [
"EoP"
],
"severity": "High",
"fixes": [
"https://googleplex-android.googlesource.com/platform/frameworks/av/+/20cca3672f4fbcef3e8dd0cc1a46f585a576ab3c"
]
}
Android / platform/frameworks/av
Package
Ecosystem specific
{
"spl": "2025-06-01",
"vanir_signatures": [
{
"id": "ASB-A-301470262-845a6f5b",
"signature_type": "Function",
"source": "https://googleplex-android.googlesource.com/platform/frameworks/av/+/c9c3b9448503136ba1f562ff24047cdbe14e852b",
"target": {
"file": "media/ndk/NdkMediaCodec.cpp",
"function": "AMediaCodec_dequeueOutputBuffer"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 648.0,
"function_hash": "131535608617307715521765791811359423310"
}
},
{
"id": "ASB-A-301470262-a3cb1e90",
"signature_type": "Line",
"source": "https://googleplex-android.googlesource.com/platform/frameworks/av/+/c9c3b9448503136ba1f562ff24047cdbe14e852b",
"target": {
"file": "media/ndk/NdkMediaCodec.cpp"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"71600360415418129174559212431824992477",
"76563954033470350988805698783571700052",
"226404815339819498657362227062984340364",
"327188650271913730232397723474300298690",
"94965926434051169257640214182215033121",
"337426919657139814683692752285689876091",
"44838245825590593655464951426693163600",
"88608768875686165973028908612579388024",
"155203362141733110879560540315643344056",
"7124372441177190717609079404781532088",
"270757280497983356755606498210015147891",
"71600360415418129174559212431824992477",
"76563954033470350988805698783571700052",
"36960143002159883296876170264643606198",
"254656710729864865729537234410561843857",
"94965926434051169257640214182215033121",
"337426919657139814683692752285689876091",
"169953714638657631881455144958345453661",
"284481401333772062076841903110157569174",
"44113216220255611064517012692770715403",
"315864493507467516835953944719729196448"
],
"threshold": 0.9
}
},
{
"id": "ASB-A-301470262-f5b983f6",
"signature_type": "Function",
"source": "https://googleplex-android.googlesource.com/platform/frameworks/av/+/c9c3b9448503136ba1f562ff24047cdbe14e852b",
"target": {
"file": "media/ndk/NdkMediaCodec.cpp",
"function": "AMediaCodec_getInputBuffer"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 811.0,
"function_hash": "305793044022599432944075141835477326463"
}
},
{
"id": "ASB-A-301470262-f6b2a105",
"signature_type": "Function",
"source": "https://googleplex-android.googlesource.com/platform/frameworks/av/+/c9c3b9448503136ba1f562ff24047cdbe14e852b",
"target": {
"file": "media/ndk/NdkMediaCodec.cpp",
"function": "AMediaCodec_getOutputBuffer"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 715.0,
"function_hash": "98694987338145071947296608874201862107"
}
}
],
"types": [
"EoP"
],
"severity": "High",
"fixes": [
"https://googleplex-android.googlesource.com/platform/frameworks/av/+/c9c3b9448503136ba1f562ff24047cdbe14e852b"
]
}
Android / platform/frameworks/av
Package
Ecosystem specific
{
"spl": "2025-06-01",
"vanir_signatures": [
{
"id": "ASB-A-301470262-1d4029ca",
"signature_type": "Function",
"source": "https://googleplex-android.googlesource.com/platform/frameworks/av/+/c9c3b9448503136ba1f562ff24047cdbe14e852b",
"target": {
"file": "media/ndk/NdkMediaCodec.cpp",
"function": "AMediaCodec_dequeueOutputBuffer"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 648.0,
"function_hash": "131535608617307715521765791811359423310"
}
},
{
"id": "ASB-A-301470262-32b6241c",
"signature_type": "Line",
"source": "https://googleplex-android.googlesource.com/platform/frameworks/av/+/c9c3b9448503136ba1f562ff24047cdbe14e852b",
"target": {
"file": "media/ndk/NdkMediaCodec.cpp"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"71600360415418129174559212431824992477",
"76563954033470350988805698783571700052",
"226404815339819498657362227062984340364",
"327188650271913730232397723474300298690",
"94965926434051169257640214182215033121",
"337426919657139814683692752285689876091",
"44838245825590593655464951426693163600",
"88608768875686165973028908612579388024",
"155203362141733110879560540315643344056",
"7124372441177190717609079404781532088",
"270757280497983356755606498210015147891",
"71600360415418129174559212431824992477",
"76563954033470350988805698783571700052",
"36960143002159883296876170264643606198",
"254656710729864865729537234410561843857",
"94965926434051169257640214182215033121",
"337426919657139814683692752285689876091",
"169953714638657631881455144958345453661",
"284481401333772062076841903110157569174",
"44113216220255611064517012692770715403",
"315864493507467516835953944719729196448"
],
"threshold": 0.9
}
},
{
"id": "ASB-A-301470262-6306815a",
"signature_type": "Function",
"source": "https://googleplex-android.googlesource.com/platform/frameworks/av/+/c9c3b9448503136ba1f562ff24047cdbe14e852b",
"target": {
"file": "media/ndk/NdkMediaCodec.cpp",
"function": "AMediaCodec_getOutputBuffer"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 715.0,
"function_hash": "98694987338145071947296608874201862107"
}
},
{
"id": "ASB-A-301470262-636948db",
"signature_type": "Function",
"source": "https://googleplex-android.googlesource.com/platform/frameworks/av/+/c9c3b9448503136ba1f562ff24047cdbe14e852b",
"target": {
"file": "media/ndk/NdkMediaCodec.cpp",
"function": "AMediaCodec_getInputBuffer"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 811.0,
"function_hash": "305793044022599432944075141835477326463"
}
}
],
"types": [
"EoP"
],
"severity": "High",
"fixes": [
"https://googleplex-android.googlesource.com/platform/frameworks/av/+/c9c3b9448503136ba1f562ff24047cdbe14e852b"
]
}