CVE-2025-26455
BaseFortify

Publication date: 2025-09-04

Last updated on: 2025-09-05

Assigner: Android (associated with Google Inc. or Open Handset Alliance)

Description
In multiple functions of NdkMediaCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Meta Information
Published: 2025-09-04
Last Modified: 2025-09-05
Generated: 2026-05-07
AI Q&A: 2025-09-04
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
google android 13.0
google android 14.0
google android 15.0
CWE
CWE ID Description
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a heap buffer overflow in multiple functions of NdkMediaCodec.cpp, caused by incorrect handling of buffer sizes and offsets in the NDK MediaCodec API. Specifically, functions like AMediaCodec_getInputBuffer and AMediaCodec_getOutputBuffer returned buffer sizes that were either smaller or larger than expected due to factoring in offsets or including padding. This misreporting could lead to out of bounds writes in memory, resulting in a heap buffer overflow. [1]


How can this vulnerability impact me?

The vulnerability can lead to a local escalation of privilege without requiring any additional execution privileges or user interaction. This means an attacker with local access could exploit the heap buffer overflow to gain higher privileges on the device, potentially compromising system security.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves a heap buffer overflow in NdkMediaCodec.cpp related to incorrect buffer size handling in the NDK MediaCodec API. Detection would involve checking the version of the Android platform/frameworks/av repository to see if the fix commit e28ca0c3d70c67cda2a09dc2d663a3395b13c779 has been applied. There are no specific network detection commands provided. On the system, you can verify the presence of the patched files media/ndk/NdkMediaCodec.cpp and media/ndk/include/media/NdkMediaCodec.h with the corrected buffer size handling. No direct commands for detection are provided in the resources. [1]
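
One way to run the check described above against a local git checkout of platform/frameworks/av, as an added example that is not from the cited resources or the Android project. The helper names `has_fix` and `fix_status` are hypothetical; the commit id is the one cited above.

```shell
#!/bin/sh
# Added example (not from the page or from AOSP): test whether a git checkout
# of platform/frameworks/av has the fix commit in its history.
FIX_COMMIT="e28ca0c3d70c67cda2a09dc2d663a3395b13c779"  # id as cited on this page

# has_fix REPO_DIR [COMMIT] [REV]   (hypothetical helper name)
#   0 = COMMIT is an ancestor of REV (fix present)
#   1 = COMMIT is known to the repo but not in REV's history
#   2 = cannot tell: not a git repo, REV invalid, or COMMIT object absent
#       (wrong repo, shallow clone, or fix cherry-picked under another hash)
has_fix() {
    repo=$1
    commit=${2:-$FIX_COMMIT}
    rev=${3:-HEAD}
    git -C "$repo" rev-parse --git-dir >/dev/null 2>&1 || return 2
    git -C "$repo" rev-parse --verify --quiet "${rev}^{commit}" >/dev/null 2>&1 || return 2
    git -C "$repo" cat-file -e "${commit}^{commit}" 2>/dev/null || return 2
    if git -C "$repo" merge-base --is-ancestor "$commit" "$rev" 2>/dev/null; then
        return 0
    fi
    return 1
}

# fix_status REPO_DIR [COMMIT] [REV]: print a one-word verdict.
fix_status() {
    st=0
    has_fix "$@" || st=$?
    case $st in
        0) echo "patched" ;;
        1) echo "unpatched" ;;
        *) echo "inconclusive" ;;
    esac
}
```

Source the file and call `fix_status /path/to/frameworks/av`. A tree that carries the fix as a cherry-pick under a different hash is not recognised by this check, so for any result other than `patched` compare media/ndk/NdkMediaCodec.cpp and media/ndk/include/media/NdkMediaCodec.h against the fix commit directly.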


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to apply the patch that fixes the buffer size handling in the NDK MediaCodec API, specifically the commit e28ca0c3d70c67cda2a09dc2d663a3395b13c779 in the Android platform/frameworks/av repository. This patch corrects the buffer size calculations and removes references to non-existent methods, preventing the heap buffer overflow. Updating your Android platform/frameworks/av to include this fix will mitigate the vulnerability. [1]

