Buffer Overflow Vulnerability in DNG SDK by Android
CVE-2025-48622

Currently unrated

Key Information:

Vendor

Google
Status
Android
Vendor
CVE Published:
8 December 2025

What is CVE-2025-48622?

A vulnerability exists in the DNG SDK within the ProcessArea module, specifically in the dng_misc_opcodes.cpp file. This flaw allows for a potential out-of-bounds read due to a buffer overflow, which could result in the disclosure of sensitive information on the local system. Notably, this vulnerability does not require any additional execution privileges or user interaction for exploitation, making it especially concerning for users relying on the affected SDK. Remediation measures are necessary to prevent unauthorized data access.

Affected Version(s)

Android 16

Android 15

Android 14

References

https://android.googlesource.com/platform/external/skia/+...
https://android.googlesource.com/platform/external/dng_sd...
https://android.googlesource.com/platform/cts/+/1bcf948f5...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-48622 : Buffer Overflow Vulnerability in DNG SDK by Android