ASB-A-456471290
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-456471290.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-456471290
- Aliases
-
- A-456471290
- CVE-2026-0049
- Published
- 2026-04-01T00:00:00Z
- Modified
- 2026-04-09T15:29:07.935252Z
- Summary
- [none]
- Details
-
In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android
platform/external/dng_sdk
Package
- Name
- platform/external/dng_sdk
Ecosystem specific
{
"severity": "Critical",
"fixes": [
"https://android.googlesource.com/platform/external/dng_sdk/+/90c04eb8818273d4df0773ec38cafceba504b151"
],
"spl": "2026-04-01",
"types": [
"DoS"
],
"vanir_signatures": [
{
"target": {
"function": "dng_opcode_MapTable::ProcessArea",
"file": "source/dng_misc_opcodes.cpp"
},
"digest": {
"function_hash": "247983476148946683277296250507153569546",
"length": 772.0
},
"signature_type": "Function",
"deprecated": false,
"source": "https://android.googlesource.com/platform/external/dng_sdk/+/90c04eb8818273d4df0773ec38cafceba504b151",
"signature_version": "v1",
"id": "ASB-A-456471290-7cd87949"
},
{
"target": {
"file": "source/dng_misc_opcodes.cpp"
},
"digest": {
"line_hashes": [
"254162864987419516653037546255962976974",
"174481379245101906330103818219884968188",
"38818084593025721930813588560192806488",
"340185059397985687769525146074280437867",
"86925292005109110440163438978910335476",
"266795867980431311308635298062714772849",
"292619745112616878756990209523440410762",
"241430027009489406701638282265980435329",
"34460560712277407966214910576293203508",
"265350394259128308862613924336694060068",
"121637857954356614220299301086022153187"
],
"threshold": 0.9
},
"signature_type": "Line",
"deprecated": false,
"source": "https://android.googlesource.com/platform/external/dng_sdk/+/90c04eb8818273d4df0773ec38cafceba504b151",
"signature_version": "v1",
"id": "ASB-A-456471290-f9995d57"
}
]
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"severity": "Critical",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/e69ce2095f902a9f2ebd1871e9a0bda06908f0ab"
],
"spl": "2026-04-01",
"types": [
"DoS"
],
"vanir_signatures": [
{
"target": {
"function": "onHeaderDecoded",
"file": "core/java/com/android/internal/widget/LocalImageResolver.java"
},
"digest": {
"function_hash": "163152872902536377393825292832473725374",
"length": 595.0
},
"signature_type": "Function",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/e69ce2095f902a9f2ebd1871e9a0bda06908f0ab",
"signature_version": "v1",
"id": "ASB-A-456471290-16656d14"
},
{
"target": {
"file": "core/java/com/android/internal/widget/LocalImageResolver.java"
},
"digest": {
"line_hashes": [
"311802817958744169613783294823276224481",
"189357718234196864289704879659547444652",
"131097225745498321480127830739941046329",
"264246961496789808183792632663539740172",
"191205946031846947260731142679398202158",
"184246810390066199890375124026568279968",
"271820447405255305604707319362235295110"
],
"threshold": 0.9
},
"signature_type": "Line",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/e69ce2095f902a9f2ebd1871e9a0bda06908f0ab",
"signature_version": "v1",
"id": "ASB-A-456471290-b2a5e389"
}
]
}platform/external/dng_sdk
Package
- Name
- platform/external/dng_sdk
Ecosystem specific
{
"severity": "Critical",
"fixes": [
"https://android.googlesource.com/platform/external/dng_sdk/+/fdfcd45175dff74138b9ed9324667ba383ea1230"
],
"spl": "2026-04-01",
"types": [
"DoS"
],
"vanir_signatures": [
{
"target": {
"function": "dng_opcode_MapTable::ProcessArea",
"file": "source/dng_misc_opcodes.cpp"
},
"digest": {
"function_hash": "247983476148946683277296250507153569546",
"length": 772.0
},
"signature_type": "Function",
"deprecated": false,
"source": "https://android.googlesource.com/platform/external/dng_sdk/+/fdfcd45175dff74138b9ed9324667ba383ea1230",
"signature_version": "v1",
"id": "ASB-A-456471290-32d78b2a"
},
{
"target": {
"file": "source/dng_misc_opcodes.cpp"
},
"digest": {
"line_hashes": [
"254162864987419516653037546255962976974",
"174481379245101906330103818219884968188",
"38818084593025721930813588560192806488",
"340185059397985687769525146074280437867",
"86925292005109110440163438978910335476",
"266795867980431311308635298062714772849",
"292619745112616878756990209523440410762",
"241430027009489406701638282265980435329",
"34460560712277407966214910576293203508",
"265350394259128308862613924336694060068",
"121637857954356614220299301086022153187"
],
"threshold": 0.9
},
"signature_type": "Line",
"deprecated": false,
"source": "https://android.googlesource.com/platform/external/dng_sdk/+/fdfcd45175dff74138b9ed9324667ba383ea1230",
"signature_version": "v1",
"id": "ASB-A-456471290-4b1dd808"
}
]
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"severity": "Critical",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/a420571a3e2428ea6578fbd2736c3fbf8e8b5b5a"
],
"spl": "2026-04-01",
"types": [
"DoS"
],
"vanir_signatures": [
{
"target": {
"function": "onHeaderDecoded",
"file": "core/java/com/android/internal/widget/LocalImageResolver.java"
},
"digest": {
"function_hash": "163152872902536377393825292832473725374",
"length": 595.0
},
"signature_type": "Function",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/a420571a3e2428ea6578fbd2736c3fbf8e8b5b5a",
"signature_version": "v1",
"id": "ASB-A-456471290-0d4e7c0d"
},
{
"target": {
"file": "core/java/com/android/internal/widget/LocalImageResolver.java"
},
"digest": {
"line_hashes": [
"311802817958744169613783294823276224481",
"189357718234196864289704879659547444652",
"131097225745498321480127830739941046329",
"264246961496789808183792632663539740172",
"191205946031846947260731142679398202158",
"184246810390066199890375124026568279968",
"271820447405255305604707319362235295110"
],
"threshold": 0.9
},
"signature_type": "Line",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/a420571a3e2428ea6578fbd2736c3fbf8e8b5b5a",
"signature_version": "v1",
"id": "ASB-A-456471290-c86bd9a2"
}
]
}platform/external/dng_sdk
Package
- Name
- platform/external/dng_sdk
Ecosystem specific
{
"severity": "Critical",
"fixes": [
"https://android.googlesource.com/platform/external/dng_sdk/+/c40bd5325d326d5cc4f6a5944e0047542361dd58"
],
"spl": "2026-04-01",
"types": [
"DoS"
],
"vanir_signatures": [
{
"target": {
"file": "source/dng_misc_opcodes.cpp"
},
"digest": {
"line_hashes": [
"254162864987419516653037546255962976974",
"174481379245101906330103818219884968188",
"38818084593025721930813588560192806488",
"340185059397985687769525146074280437867",
"86925292005109110440163438978910335476",
"266795867980431311308635298062714772849",
"292619745112616878756990209523440410762",
"241430027009489406701638282265980435329",
"34460560712277407966214910576293203508",
"265350394259128308862613924336694060068",
"121637857954356614220299301086022153187"
],
"threshold": 0.9
},
"signature_type": "Line",
"deprecated": false,
"source": "https://android.googlesource.com/platform/external/dng_sdk/+/c40bd5325d326d5cc4f6a5944e0047542361dd58",
"signature_version": "v1",
"id": "ASB-A-456471290-3f295ff1"
},
{
"target": {
"function": "dng_opcode_MapTable::ProcessArea",
"file": "source/dng_misc_opcodes.cpp"
},
"digest": {
"function_hash": "247983476148946683277296250507153569546",
"length": 772.0
},
"signature_type": "Function",
"deprecated": false,
"source": "https://android.googlesource.com/platform/external/dng_sdk/+/c40bd5325d326d5cc4f6a5944e0047542361dd58",
"signature_version": "v1",
"id": "ASB-A-456471290-cd7b1fb1"
}
]
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"severity": "Critical",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/3fcb2a5f4f371d3e47aee3d56d0789248ac716c4"
],
"spl": "2026-04-01",
"types": [
"DoS"
],
"vanir_signatures": [
{
"target": {
"function": "onHeaderDecoded",
"file": "core/java/com/android/internal/widget/LocalImageResolver.java"
},
"digest": {
"function_hash": "163152872902536377393825292832473725374",
"length": 595.0
},
"signature_type": "Function",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/3fcb2a5f4f371d3e47aee3d56d0789248ac716c4",
"signature_version": "v1",
"id": "ASB-A-456471290-dcc01e84"
},
{
"target": {
"file": "core/java/com/android/internal/widget/LocalImageResolver.java"
},
"digest": {
"line_hashes": [
"311802817958744169613783294823276224481",
"189357718234196864289704879659547444652",
"131097225745498321480127830739941046329",
"264246961496789808183792632663539740172",
"191205946031846947260731142679398202158",
"184246810390066199890375124026568279968",
"271820447405255305604707319362235295110"
],
"threshold": 0.9
},
"signature_type": "Line",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/3fcb2a5f4f371d3e47aee3d56d0789248ac716c4",
"signature_version": "v1",
"id": "ASB-A-456471290-ec32c592"
}
]
}platform/external/dng_sdk
Package
- Name
- platform/external/dng_sdk
Ecosystem specific
{
"severity": "Critical",
"fixes": [
"https://android.googlesource.com/platform/external/dng_sdk/+/ce9b78475445e0ddae532f13f676e79a07109d80"
],
"spl": "2026-04-01",
"types": [
"DoS"
],
"vanir_signatures": [
{
"target": {
"function": "dng_opcode_MapTable::ProcessArea",
"file": "source/dng_misc_opcodes.cpp"
},
"digest": {
"function_hash": "247983476148946683277296250507153569546",
"length": 772.0
},
"signature_type": "Function",
"deprecated": false,
"source": "https://android.googlesource.com/platform/external/dng_sdk/+/ce9b78475445e0ddae532f13f676e79a07109d80",
"signature_version": "v1",
"id": "ASB-A-456471290-2cc99a92"
},
{
"target": {
"file": "source/dng_misc_opcodes.cpp"
},
"digest": {
"line_hashes": [
"254162864987419516653037546255962976974",
"174481379245101906330103818219884968188",
"38818084593025721930813588560192806488",
"340185059397985687769525146074280437867",
"86925292005109110440163438978910335476",
"266795867980431311308635298062714772849",
"292619745112616878756990209523440410762",
"241430027009489406701638282265980435329",
"34460560712277407966214910576293203508",
"265350394259128308862613924336694060068",
"121637857954356614220299301086022153187"
],
"threshold": 0.9
},
"signature_type": "Line",
"deprecated": false,
"source": "https://android.googlesource.com/platform/external/dng_sdk/+/ce9b78475445e0ddae532f13f676e79a07109d80",
"signature_version": "v1",
"id": "ASB-A-456471290-f29145b4"
}
]
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"severity": "Critical",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/f130bc90df4f6bb6237cc823824ef13c53b3a2f0"
],
"spl": "2026-04-01",
"types": [
"DoS"
],
"vanir_signatures": [
{
"target": {
"function": "onHeaderDecoded",
"file": "core/java/com/android/internal/widget/LocalImageResolver.java"
},
"digest": {
"function_hash": "163152872902536377393825292832473725374",
"length": 595.0
},
"signature_type": "Function",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/f130bc90df4f6bb6237cc823824ef13c53b3a2f0",
"signature_version": "v1",
"id": "ASB-A-456471290-3e027da2"
},
{
"target": {
"file": "core/java/com/android/internal/widget/LocalImageResolver.java"
},
"digest": {
"line_hashes": [
"311802817958744169613783294823276224481",
"189357718234196864289704879659547444652",
"131097225745498321480127830739941046329",
"264246961496789808183792632663539740172",
"191205946031846947260731142679398202158",
"184246810390066199890375124026568279968",
"271820447405255305604707319362235295110"
],
"threshold": 0.9
},
"signature_type": "Line",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/f130bc90df4f6bb6237cc823824ef13c53b3a2f0",
"signature_version": "v1",
"id": "ASB-A-456471290-e09659a8"
}
]
}platform/external/dng_sdk
Package
- Name
- platform/external/dng_sdk
Ecosystem specific
{
"severity": "Critical",
"fixes": [
"https://android.googlesource.com/platform/external/dng_sdk/+/e87e58602d36581247f158c6fae5a927267a8954"
],
"spl": "2026-04-01",
"types": [
"DoS"
],
"vanir_signatures": [
{
"target": {
"file": "source/dng_misc_opcodes.cpp"
},
"digest": {
"line_hashes": [
"254162864987419516653037546255962976974",
"174481379245101906330103818219884968188",
"38818084593025721930813588560192806488",
"340185059397985687769525146074280437867",
"86925292005109110440163438978910335476",
"266795867980431311308635298062714772849",
"292619745112616878756990209523440410762",
"241430027009489406701638282265980435329",
"34460560712277407966214910576293203508",
"265350394259128308862613924336694060068",
"121637857954356614220299301086022153187"
],
"threshold": 0.9
},
"signature_type": "Line",
"deprecated": false,
"source": "https://android.googlesource.com/platform/external/dng_sdk/+/e87e58602d36581247f158c6fae5a927267a8954",
"signature_version": "v1",
"id": "ASB-A-456471290-6764db35"
},
{
"target": {
"function": "dng_opcode_MapTable::ProcessArea",
"file": "source/dng_misc_opcodes.cpp"
},
"digest": {
"function_hash": "247983476148946683277296250507153569546",
"length": 772.0
},
"signature_type": "Function",
"deprecated": false,
"source": "https://android.googlesource.com/platform/external/dng_sdk/+/e87e58602d36581247f158c6fae5a927267a8954",
"signature_version": "v1",
"id": "ASB-A-456471290-bbabd18f"
}
]
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"severity": "Critical",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/097784954bf6d5e80d9759bd3d0db208b014f5ba"
],
"spl": "2026-04-01",
"types": [
"DoS"
],
"vanir_signatures": [
{
"target": {
"file": "core/java/com/android/internal/widget/LocalImageResolver.java"
},
"digest": {
"line_hashes": [
"311802817958744169613783294823276224481",
"189357718234196864289704879659547444652",
"131097225745498321480127830739941046329",
"264246961496789808183792632663539740172",
"191205946031846947260731142679398202158",
"184246810390066199890375124026568279968",
"271820447405255305604707319362235295110"
],
"threshold": 0.9
},
"signature_type": "Line",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/097784954bf6d5e80d9759bd3d0db208b014f5ba",
"signature_version": "v1",
"id": "ASB-A-456471290-03247c38"
},
{
"target": {
"function": "onHeaderDecoded",
"file": "core/java/com/android/internal/widget/LocalImageResolver.java"
},
"digest": {
"function_hash": "163152872902536377393825292832473725374",
"length": 595.0
},
"signature_type": "Function",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/097784954bf6d5e80d9759bd3d0db208b014f5ba",
"signature_version": "v1",
"id": "ASB-A-456471290-675e2242"
}
]
}