—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Vulnerability in Google Android 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: CRITICAL

Software Affected

Android Dolby UDC 4.5 through 4.13

Overview

A vulnerability has been reported in Google Android, which could allow a remote attacker to execute arbitrary code on the targeted system.

Target Audience:

All end-user organizations and individuals using Google Android.

Risk Assessment:

High risk of remote code execution.

Impact Assessment:

Potential for memory corruption.

Description

Android is an open-source operating system primarily designed for mobile devices, including smart phones, tablets, smart watches, and other embedded system.

This vulnerability exists in Google Android due buffer overflow in Dolby DD+ decoding leads to potential memory corruption and crashes.

Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the targeted system.

Solution

Apply appropriate updates as mentioned in:

https://source.android.com/docs/security/bulletin/2026/2026-01-01

Vendor Information

Android

https://source.android.com/docs/security/bulletin/2026/2026-01-01

References

Android

https://source.android.com/docs/security/bulletin/2026/2026-01-01

https://professional.dolby.com/siteassets/pdfs/dolby-security-advisory-CVE-2025-54957-Oct-14-25.pdf

CVE Name

CVE-2025-54957

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmlnr9wACgkQ3jCgcSdc

ys8hCw/+Ne87h0uO2vKkHrwgdnwQ2C97dImhoXjFSAIDUul7pzXsSD8sYDY7deAI

Its/HcLgt2KzhBfjQpJ/ExWKtMgw8VI0eysZJYnkuxLwJakVma2RjNTvXqRTjo8I

558fq504Hr3oBwbxkGQPG8sgfBQkZjaFohHkUpthEa3QLmpZFo7uqn6B/29XKg1i

ciTq/cPQRQ2BaMjypnQT8zrh1onnfpUHgJVZreNIVib8GWvaGGBi8JAqgU9tLfE+

YTkHvKynaF4TM0hKr7vZG4q8DQBS/CmIuzWiCiWz8S91RLuyOXVca5hKageHdP8M

k7JLaXJSnBD7Is6FWBZ1wzptBMp+rdadEahkUyCLQbU/xXr6N6oVW8GS5vpKFgB8

MovS6y8PSVcdhM/Dx0yyVUbmEp+sF/hlfwgjYXhRh4lT+QdvYsMAjZXbwfTICuVv

Qxsoi6PnVECyJZLUzoQx73a5CaMOxL6I7kpbaoQ7+Ijx5zru/Zzbya+uclaJx3NJ

Bf71/b72e6rWbsQt/nMwFZf0NVEeRERZXBK1tFO1HMPMFmRuwCIKgKnCeByCH5wJ

JOwdYf2BHBcQiKWq/5aYJb3Ov81EyHFOSbJWDcOa4Y22KWwpsqcNz02pSenN+Guy

OfldigMNNU3a+Kh8OvhYkRs3gTG+UW27ImIDv+jk9xa9Cjw/v/g=

=LZsL

—–END PGP SIGNATURE—–