Remote Denial of Service Vulnerability in Image Renderer by Android
CVE-2025-22423

Currently unrated

Key Information:

Vendor: Google
Status: Android
Vendor: CVE Published:; 2 September 2025

What is CVE-2025-22423?

A vulnerability in the ParseTag function of dng_ifd.cpp allows for potential crashes of the image renderer on Android devices. The flaw arises from a lack of bounds checking, which can lead to a remote denial of service. Exploitation of this vulnerability does not require user interaction and does not need additional execution privileges, making it particularly concerning for device stability.

Affected Version(s)

Android 15

Android 14

Android 13

References

https://android.googlesource.com/platform/external/dng_sd...

https://source.android.com/security/bulletin/2025-04-01

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 2, 2025
Vulnerability Reserved
Jan 6, 2025

Google

What is CVE-2025-22423?

Affected Version(s)

References

Timeline