CVE-2025-0081

Published: Aug 26, 2025Modified: Sep 2, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

In dng_lossless_decoder::HuffDecode of dng_lossless_jpeg.cpp, there is a possible way to cause a crash due to uninitialized data. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected (5)

Products: Google: Android

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Google Android	Version 12.0
Google Android	Version 12.1
Google Android	Version 13.0
Google Android	Version 14.0
Google Android	Version 15.0

Related CWEs

Use of Uninitialized Variable

The code uses a variable that has not been initialized, leading to unpredictable or unintended results.

References (2)

https://android.googlesource.com/platform/external/dng_sdk/+/7fc02c8d5af37c97b325dc2956f4a6117c145c2f

Source: security@android.com

Product

https://source.android.com/security/bulletin/2025-03-01

Source: security@android.com

Vendor Advisory

Timeline

No history available yet.