CVE-2025-26455
published 2025-09-04CVE-2025-26455: In multiple functions of NdkMediaCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
In multiple functions of NdkMediaCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| msrc | azl3_fluent-bit_2.2.2-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_fluent-bit_3.0.3-1_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_fluent-bit_2.2.3-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_fluent-bit_2.2.3-7_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| platform | frameworks_av | >= 13:0 < 13:2025-06-01 | 13:2025-06-01 |
| platform | frameworks_av | >= 14:0 < 14:2025-06-01 | 14:2025-06-01 |
| platform | frameworks_av | >= 15:0 < 15:2025-06-01 | 15:2025-06-01 |
| platform | frameworks_av | >= 16-next:0 < 16-next:2025-06-01 | 16-next:2025-06-01 |