CVE-2025-22423 — Out-of-bounds Read in External DNG SDK

Vendor	Product	Version range	Fixed in
google	android	—	—
google	android	—	—
google	android	—	—
google	android	—	—
google	android	—	—
google	android	—	—
google	android	—	—
platform	external_dng_sdk	>= 13:0 < 13:2025-04-01	13:2025-04-01
platform	external_dng_sdk	>= 14:0 < 14:2025-04-01	14:2025-04-01
platform	external_dng_sdk	>= 15-next:0 < 15-next:2025-04-01	15-next:2025-04-01
platform	external_dng_sdk	>= 15:0 < 15:2025-04-01	15:2025-04-01

GHSA

GHSA-5w5v-vm4j-43pm: In ParseTag of dng_ifd

ghsa_unreviewed·2025-09-03

CVE-2025-22423 GHSA-5w5v-vm4j-43pm: In ParseTag of dng_ifd In ParseTag of dng_ifd.cpp, there is a possible way to crash the image renderer due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

OSV

CVE-2025-22423: In ParseTag of dng_ifd

osv·2025-04-01

CVE-2025-22423 CVE-2025-22423: In ParseTag of dng_ifd In ParseTag of dng_ifd.cpp, there is a possible way to crash the image renderer due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Android

CVE-2025-22423: Android Security Bulletin 2025-04-01 CVE: CVE-2025-22423 Severity: CRITICAL Type: DoS Affected AOSP versions: 13, 14, 15 References: A-346797131

vendor_android·2025-04-01·CVSS 7.5

CVE-2025-22423 [HIGH] CVE-2025-22423: Android Security Bulletin 2025-04-01 CVE: CVE-2025-22423 Severity: CRITICAL Type: DoS Affected AOSP versions: 13, 14, 15 References: A-346797131 Android Security Bulletin 2025-04-01 CVE: CVE-2025-22423 Severity: CRITICAL Type: DoS Affected AOSP versions: 13, 14, 15 References: A-346797131

CVE-2025-22423: In ParseTag of dng_ifd.cpp, there is a possible way to crash the image renderer due to a missing bounds check. This could lead to remote denial of service with…

Affected