Platform Cts vulnerabilities

CVE-2025-48622 CVE-2025-48622: In ProcessArea of dng_misc_opcodes In ProcessArea of dng_misc_opcodes.cpp, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-40093 CVE-2023-40093: In multiple files, there is a possible way that trimmed content could be included in PDF output due to a logic error in the code In multiple files, there is a possible way that trimmed content could be included in PDF output due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-0307 CVE-2021-0307: In updatePermissionSourcePackage of PermissionManagerService In updatePermissionSourcePackage of PermissionManagerService.java, there is a possible automatic runtime permission grant due to a confused deputy. This could lead to local escalation of privilege allowing a malicious app to silently gain access to a dangerous permission with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2020-0227 CVE-2020-0227: In onCommand of CompanionDeviceManagerService In onCommand of CompanionDeviceManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing background data usage or launching from the background, with no additional execution privileges needed. User interaction is not needed for exploitation.