CVE-2025-54957

CRITICAL EPSS 72.9%

Published Oct 20, 20258mo ago · Modified Jun 17, 20261w ago

9.8 CVSS 3.1

Critical

Published Oct 20, 2025 8mo ago

Last Modified Jun 17, 2026 1w ago

Description

An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the DD+ decoder process can occur when a malformed DD+ bitstream is processed. When Evolution data is processed by evo_priv.c from the DD+ bitstream, the decoder writes that data into a buffer. The length calculation for a write can overflow due to an integer wraparound. This can lead to the allocated buffer being too small, and the out-of-bounds check of the subsequent write to be ineffective, leading to an out-of-bounds write.

CVSS Details

Base Score

9.8

Exploitability

3.9

Impact

5.9

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

72.9% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 2

CWE-190 Integer Overflow or Wraparound Numeric Error

CWE-787 Out-of-bounds Write Memory Safety

References 3

professional.dolby.com https://professional.dolby.com/siteassets/pdfs/dolby-security-advisory-CVE-2025-54957-Oct-14-25.pdf
project-zero.issues.chromium.org https://project-zero.issues.chromium.org/issues/428075495
projectzero.google https://projectzero.google/2026/01/pixel-0-click-part-1.html

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.