Platform Frameworks Av vulnerabilities

CVE-2022-20393 CVE-2022-20393: In extract3GPPGlobalDescriptions of TextDescriptions In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure from the media server with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20346 CVE-2022-20346: In updateAudioTrackInfoFromESDS_MPEG4Audio of MPEG4Extractor In updateAudioTrackInfoFromESDS_MPEG4Audio of MPEG4Extractor.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2022-20228 CVE-2022-20228: In various functions of C2DmaBufAllocator In various functions of C2DmaBufAllocator.cpp, there is a possible memory corruption due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2021-39804 CVE-2021-39804: In reinit of HeifDecoderImpl In reinit of HeifDecoderImpl.cpp, there is a possible crash due to a missing null check. This could lead to remote persistent denial of service in the file picker with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2021-39803 CVE-2021-39803: In ~Impl of C2AllocatorIon In ~Impl of C2AllocatorIon.cpp, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2021-39665 CVE-2021-39665: In checkSpsUpdated of AAVCAssembler In checkSpsUpdated of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2021-39666 CVE-2021-39666: In extract of MediaMetricsItem In extract of MediaMetricsItem.h, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-39623 CVE-2021-39623: In doRead of SimpleDecodingSource In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-0964 CVE-2021-0964: In C2SoftMP3::process() of C2SoftMp3Dec In C2SoftMP3::process() of C2SoftMp3Dec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2021-1001 CVE-2021-1001: In PVInitVideoEncoder of mp4enc_api In PVInitVideoEncoder of mp4enc_api.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-0971 CVE-2021-0971: In MPEG4Source::read of MPEG4Extractor In MPEG4Source::read of MPEG4Extractor.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2021-0483 CVE-2021-0483: In multiple methods of AAudioService, there is a possible use-after-free due to a race condition In multiple methods of AAudioService, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-0519 CVE-2021-0519: In BITSTREAM_FLUSH of ih264e_bitstream In BITSTREAM_FLUSH of ih264e_bitstream.h, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-0585 CVE-2021-0585: In beginWrite and beginRead of MessageQueueBase In beginWrite and beginRead of MessageQueueBase.h, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-0566 CVE-2021-0566: In accessAudioHalPidscpp of TimeCheck In accessAudioHalPidscpp of TimeCheck.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-0562 CVE-2021-0562: In RasterIntraUpdate of motion_est In RasterIntraUpdate of motion_est.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-0556 CVE-2021-0556: In getBlockSum of fastcodemb In getBlockSum of fastcodemb.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-0564 CVE-2021-0564: In decrypt of CryptoPlugin In decrypt of CryptoPlugin.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-0509 CVE-2021-0509: In various functions of CryptoPlugin In various functions of CryptoPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-0565 CVE-2021-0565: In wrapUserThread of AudioStream In wrapUserThread of AudioStream.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.