{"id":"ASB-A-444671303", "published":"2026-03-01T00:00:00Z", "modified":"2026-04-03T15:37:31.002635057Z", "aliases":["CVE-2025-48631", "A-444671303"], "details":"In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"16-qpr2-next:0"}, {"fixed":"16-qpr2-next:2026-03-01"}]}], "versions":["16-qpr2-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/449f35b532d5f680b90c8f9d8150010e7f5f30df"], "severity":"Critical", "spl":"2026-03-01", "types":["DoS"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["73967225170399715904247930819758139042", "49939010375220941586987459878278998718", "134620784372851083183695846225565454257", "213008522495646628192596065558322107404", "314339081250264557520656838750522444674", "105412681079853562342429339181518327189", "227061579258164856377861565809678473379"], "threshold":0.9}, "id":"ASB-A-444671303-0ca6d4f7", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/449f35b532d5f680b90c8f9d8150010e7f5f30df", "target":{"file":"core/java/com/android/internal/widget/LocalImageResolver.java"}}, {"deprecated":false, "digest":{"function_hash":"123429461944359663759865245422479592027", "length":348}, "id":"ASB-A-444671303-3afdcfb7", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/449f35b532d5f680b90c8f9d8150010e7f5f30df", "target":{"file":"core/java/com/android/internal/widget/LocalImageResolver.java", "function":"onHeaderDecoded"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"15:0"}, {"fixed":"15:2026-03-01"}]}], "versions":["15"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/1f05e429c98270dc403b41a965debba65cc58837"], "severity":"Critical", "spl":"2026-03-01", "types":["DoS"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"123429461944359663759865245422479592027", "length":348}, "id":"ASB-A-444671303-ecc86d40", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/1f05e429c98270dc403b41a965debba65cc58837", "target":{"file":"core/java/com/android/internal/widget/LocalImageResolver.java", "function":"onHeaderDecoded"}}, {"deprecated":false, "digest":{"line_hashes":["73967225170399715904247930819758139042", "49939010375220941586987459878278998718", "134620784372851083183695846225565454257", "213008522495646628192596065558322107404", "314339081250264557520656838750522444674", "105412681079853562342429339181518327189", "227061579258164856377861565809678473379"], "threshold":0.9}, "id":"ASB-A-444671303-f96937c6", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/1f05e429c98270dc403b41a965debba65cc58837", "target":{"file":"core/java/com/android/internal/widget/LocalImageResolver.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"16:0"}, {"fixed":"16:2026-03-01"}]}], "versions":["16"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/4bceac8d45f07c272eced0b8da51513415d7d248"], "severity":"Critical", "spl":"2026-03-01", "types":["DoS"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["73967225170399715904247930819758139042", "49939010375220941586987459878278998718", "134620784372851083183695846225565454257", "213008522495646628192596065558322107404", "314339081250264557520656838750522444674", "105412681079853562342429339181518327189", "227061579258164856377861565809678473379"], "threshold":0.9}, "id":"ASB-A-444671303-8e62341f", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/4bceac8d45f07c272eced0b8da51513415d7d248", "target":{"file":"core/java/com/android/internal/widget/LocalImageResolver.java"}}, {"deprecated":false, "digest":{"function_hash":"123429461944359663759865245422479592027", "length":348}, "id":"ASB-A-444671303-f6527c0d", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/4bceac8d45f07c272eced0b8da51513415d7d248", "target":{"file":"core/java/com/android/internal/widget/LocalImageResolver.java", "function":"onHeaderDecoded"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"16-qpr2:0"}, {"fixed":"16-qpr2:2026-03-01"}]}], "versions":["16-qpr2"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/a7b68911d5a3e36ea7658e414b84bb40991aadcb"], "severity":"Critical", "spl":"2026-03-01", "types":["DoS"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"123429461944359663759865245422479592027", "length":348}, "id":"ASB-A-444671303-1e2c3f8c", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/a7b68911d5a3e36ea7658e414b84bb40991aadcb", "target":{"file":"core/java/com/android/internal/widget/LocalImageResolver.java", "function":"onHeaderDecoded"}}, {"deprecated":false, "digest":{"line_hashes":["73967225170399715904247930819758139042", "49939010375220941586987459878278998718", "134620784372851083183695846225565454257", "213008522495646628192596065558322107404", "314339081250264557520656838750522444674", "105412681079853562342429339181518327189", "227061579258164856377861565809678473379"], "threshold":0.9}, "id":"ASB-A-444671303-ad14d2fc", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/a7b68911d5a3e36ea7658e414b84bb40991aadcb", "target":{"file":"core/java/com/android/internal/widget/LocalImageResolver.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14:0"}, {"fixed":"14:2026-03-01"}]}], "versions":["14"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/ebba11d5470e84fedad7f5f1cd37f785c19f720b"], "severity":"Critical", "spl":"2026-03-01", "types":["DoS"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"123429461944359663759865245422479592027", "length":348}, "id":"ASB-A-444671303-437a7859", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/ebba11d5470e84fedad7f5f1cd37f785c19f720b", "target":{"file":"core/java/com/android/internal/widget/LocalImageResolver.java", "function":"onHeaderDecoded"}}, {"deprecated":false, "digest":{"line_hashes":["73967225170399715904247930819758139042", "49939010375220941586987459878278998718", "134620784372851083183695846225565454257", "213008522495646628192596065558322107404", "314339081250264557520656838750522444674", "105412681079853562342429339181518327189", "227061579258164856377861565809678473379"], "threshold":0.9}, "id":"ASB-A-444671303-c3333475", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/ebba11d5470e84fedad7f5f1cd37f785c19f720b", "target":{"file":"core/java/com/android/internal/widget/LocalImageResolver.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2026-03-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/d6df825fda3aa29cff7af05357005322152210fd"}]}