"CVE-2025-54957 is a buffer overflow vulnerability in Dolby UDC versions 4.5 to 4.13. The leak occurs when processing data within the evo_priv.c component of the DD+ bitstream decoder, reports security company Wiz. When processing this data, insufficient buffer space may be allocated. This insufficient allocation means that the out-of-bounds check is not performed correctly. This creates a buffer overflow, which can lead to data leakage."
"Dolby states that exploiting the leak in most cases causes a media player to crash or restart. However, in combination with other Android vulnerabilities, the impact can be much greater. Google therefore rates the severity higher and assesses CVE-2025-54957 as critical, particularly for its own Pixel smartphones. The technical details show that the problem lies in the Evolution data processing. An integer wraparound during the length calculation results in insufficient buffer allocation. This then leads to an out-of-bounds write condition during write operations."
CVE-2025-54957 is a buffer overflow in Dolby UDC 4.5–4.13's DD+ decoder that can leak data. The flaw occurs in the evo_priv.c component when insufficient buffer space is allocated during processing. An integer wraparound during length calculation causes the inadequate allocation and results in an out-of-bounds write during write operations. Dolby assigned a CVSS score of 6.5 (moderate), while Google rates the vulnerability as critical, especially for Pixel smartphones. Exploitation typically causes media player crashes or restarts, but combined with other Android vulnerabilities the impact can be greater. Regular Android updates and monthly Google security bulletins provide patches.
Read at Techzine Global
Unable to calculate read time
Collection
[
|
...
]