{"id":"ASB-A-427113482", "published":"2025-12-01T00:00:00Z", "modified":"2026-04-03T15:37:31.002635057Z", "aliases":["CVE-2025-48592", "A-427113482"], "details":"In initDecoder of C2SoftDav1dDec.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"16-qpr2-next:0"}, {"fixed":"16-qpr2-next:2025-12-01"}]}], "versions":["16-qpr2-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/ba571df05a6e65545dbda4c9988c2bc23aae8f16"], "severity":"High", "spl":"2025-12-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"25058861448546541125187266146201091443", "length":956}, "id":"ASB-A-427113482-8b02cc06", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/ba571df05a6e65545dbda4c9988c2bc23aae8f16", "target":{"file":"media/codec2/components/dav1d/C2SoftDav1dDec.cpp", "function":"C2SoftDav1dDec::initDecoder"}}, {"deprecated":false, "digest":{"line_hashes":["194601266704142360724374613269733820402", "153098406477915171747020160464923082297", "246323934513271302578435165879924546964", "139973620746190050113620590758254972576"], "threshold":0.9}, "id":"ASB-A-427113482-e7c61139", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/ba571df05a6e65545dbda4c9988c2bc23aae8f16", "target":{"file":"media/codec2/components/dav1d/C2SoftDav1dDec.cpp"}}]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"15:0"}, {"fixed":"15:2025-12-01"}]}], "versions":["15"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/25c66cbc720dd6c28aa1abe32eecda1ea4878328"], "severity":"High", "spl":"2025-12-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["194601266704142360724374613269733820402", "153098406477915171747020160464923082297", "246323934513271302578435165879924546964", "139973620746190050113620590758254972576"], "threshold":0.9}, "id":"ASB-A-427113482-5675d6e9", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/25c66cbc720dd6c28aa1abe32eecda1ea4878328", "target":{"file":"media/codec2/components/dav1d/C2SoftDav1dDec.cpp"}}, {"deprecated":false, "digest":{"function_hash":"25058861448546541125187266146201091443", "length":956}, "id":"ASB-A-427113482-752f63b3", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/25c66cbc720dd6c28aa1abe32eecda1ea4878328", "target":{"file":"media/codec2/components/dav1d/C2SoftDav1dDec.cpp", "function":"C2SoftDav1dDec::initDecoder"}}]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"16:0"}, {"fixed":"16:2025-12-01"}]}], "versions":["16"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/ea4bc6759153ef0ceadc7a802bad4b50d8012ba3"], "severity":"High", "spl":"2025-12-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["194601266704142360724374613269733820402", "153098406477915171747020160464923082297", "246323934513271302578435165879924546964", "139973620746190050113620590758254972576"], "threshold":0.9}, "id":"ASB-A-427113482-134fbe9f", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/ea4bc6759153ef0ceadc7a802bad4b50d8012ba3", "target":{"file":"media/codec2/components/dav1d/C2SoftDav1dDec.cpp"}}, {"deprecated":false, "digest":{"function_hash":"25058861448546541125187266146201091443", "length":956}, "id":"ASB-A-427113482-a82a6f6b", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/ea4bc6759153ef0ceadc7a802bad4b50d8012ba3", "target":{"file":"media/codec2/components/dav1d/C2SoftDav1dDec.cpp", "function":"C2SoftDav1dDec::initDecoder"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2025-12-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/av/+/8febdebcb5e8736ec013a7d64e70f50e87649b52"}]}