{"id":"ASB-A-456471290","details":"In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-456471290","CVE-2026-0049"],"modified":"2026-04-09T15:29:07.935252Z","published":"2026-04-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2026-04-01"}],"affected":[{"package":{"name":"platform/external/dng_sdk","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"16-qpr2-next:0"},{"fixed":"16-qpr2-next:2026-04-01"}]}],"versions":["16-qpr2-next"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Function","signature_version":"v1","source":"https://android.googlesource.com/platform/external/dng_sdk/+/90c04eb8818273d4df0773ec38cafceba504b151","deprecated":false,"digest":{"function_hash":"247983476148946683277296250507153569546","length":772},"target":{"file":"source/dng_misc_opcodes.cpp","function":"dng_opcode_MapTable::ProcessArea"},"id":"ASB-A-456471290-7cd87949"},{"signature_type":"Line","signature_version":"v1","source":"https://android.googlesource.com/platform/external/dng_sdk/+/90c04eb8818273d4df0773ec38cafceba504b151","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["254162864987419516653037546255962976974","174481379245101906330103818219884968188","38818084593025721930813588560192806488","340185059397985687769525146074280437867","86925292005109110440163438978910335476","266795867980431311308635298062714772849","292619745112616878756990209523440410762","241430027009489406701638282265980435329","34460560712277407966214910576293203508","265350394259128308862613924336694060068","121637857954356614220299301086022153187"]},"target":{"file":"source/dng_misc_opcodes.cpp"},"id":"ASB-A-456471290-f9995d57"}],"types":["DoS"],"spl":"2026-04-01","severity":"Critical","fixes":["https://android.googlesource.com/platform/external/dng_sdk/+/90c04eb8818273d4df0773ec38cafceba504b151"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-456471290.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"16-qpr2-next:0"},{"fixed":"16-qpr2-next:2026-04-01"}]}],"versions":["16-qpr2-next"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Function","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/e69ce2095f902a9f2ebd1871e9a0bda06908f0ab","deprecated":false,"digest":{"function_hash":"163152872902536377393825292832473725374","length":595},"target":{"file":"core/java/com/android/internal/widget/LocalImageResolver.java","function":"onHeaderDecoded"},"id":"ASB-A-456471290-16656d14"},{"signature_type":"Line","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/e69ce2095f902a9f2ebd1871e9a0bda06908f0ab","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["311802817958744169613783294823276224481","189357718234196864289704879659547444652","131097225745498321480127830739941046329","264246961496789808183792632663539740172","191205946031846947260731142679398202158","184246810390066199890375124026568279968","271820447405255305604707319362235295110"]},"target":{"file":"core/java/com/android/internal/widget/LocalImageResolver.java"},"id":"ASB-A-456471290-b2a5e389"}],"types":["DoS"],"spl":"2026-04-01","severity":"Critical","fixes":["https://android.googlesource.com/platform/frameworks/base/+/e69ce2095f902a9f2ebd1871e9a0bda06908f0ab"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-456471290.json"}},{"package":{"name":"platform/external/dng_sdk","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15:0"},{"fixed":"15:2026-04-01"}]}],"versions":["15"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Function","signature_version":"v1","source":"https://android.googlesource.com/platform/external/dng_sdk/+/fdfcd45175dff74138b9ed9324667ba383ea1230","deprecated":false,"digest":{"function_hash":"247983476148946683277296250507153569546","length":772},"target":{"file":"source/dng_misc_opcodes.cpp","function":"dng_opcode_MapTable::ProcessArea"},"id":"ASB-A-456471290-32d78b2a"},{"signature_type":"Line","signature_version":"v1","source":"https://android.googlesource.com/platform/external/dng_sdk/+/fdfcd45175dff74138b9ed9324667ba383ea1230","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["254162864987419516653037546255962976974","174481379245101906330103818219884968188","38818084593025721930813588560192806488","340185059397985687769525146074280437867","86925292005109110440163438978910335476","266795867980431311308635298062714772849","292619745112616878756990209523440410762","241430027009489406701638282265980435329","34460560712277407966214910576293203508","265350394259128308862613924336694060068","121637857954356614220299301086022153187"]},"target":{"file":"source/dng_misc_opcodes.cpp"},"id":"ASB-A-456471290-4b1dd808"}],"types":["DoS"],"spl":"2026-04-01","severity":"Critical","fixes":["https://android.googlesource.com/platform/external/dng_sdk/+/fdfcd45175dff74138b9ed9324667ba383ea1230"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-456471290.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15:0"},{"fixed":"15:2026-04-01"}]}],"versions":["15"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Function","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/a420571a3e2428ea6578fbd2736c3fbf8e8b5b5a","deprecated":false,"digest":{"function_hash":"163152872902536377393825292832473725374","length":595},"target":{"file":"core/java/com/android/internal/widget/LocalImageResolver.java","function":"onHeaderDecoded"},"id":"ASB-A-456471290-0d4e7c0d"},{"signature_type":"Line","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/a420571a3e2428ea6578fbd2736c3fbf8e8b5b5a","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["311802817958744169613783294823276224481","189357718234196864289704879659547444652","131097225745498321480127830739941046329","264246961496789808183792632663539740172","191205946031846947260731142679398202158","184246810390066199890375124026568279968","271820447405255305604707319362235295110"]},"target":{"file":"core/java/com/android/internal/widget/LocalImageResolver.java"},"id":"ASB-A-456471290-c86bd9a2"}],"types":["DoS"],"spl":"2026-04-01","severity":"Critical","fixes":["https://android.googlesource.com/platform/frameworks/base/+/a420571a3e2428ea6578fbd2736c3fbf8e8b5b5a"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-456471290.json"}},{"package":{"name":"platform/external/dng_sdk","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"16:0"},{"fixed":"16:2026-04-01"}]}],"versions":["16"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Line","signature_version":"v1","source":"https://android.googlesource.com/platform/external/dng_sdk/+/c40bd5325d326d5cc4f6a5944e0047542361dd58","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["254162864987419516653037546255962976974","174481379245101906330103818219884968188","38818084593025721930813588560192806488","340185059397985687769525146074280437867","86925292005109110440163438978910335476","266795867980431311308635298062714772849","292619745112616878756990209523440410762","241430027009489406701638282265980435329","34460560712277407966214910576293203508","265350394259128308862613924336694060068","121637857954356614220299301086022153187"]},"target":{"file":"source/dng_misc_opcodes.cpp"},"id":"ASB-A-456471290-3f295ff1"},{"signature_type":"Function","signature_version":"v1","source":"https://android.googlesource.com/platform/external/dng_sdk/+/c40bd5325d326d5cc4f6a5944e0047542361dd58","deprecated":false,"digest":{"function_hash":"247983476148946683277296250507153569546","length":772},"target":{"file":"source/dng_misc_opcodes.cpp","function":"dng_opcode_MapTable::ProcessArea"},"id":"ASB-A-456471290-cd7b1fb1"}],"types":["DoS"],"spl":"2026-04-01","severity":"Critical","fixes":["https://android.googlesource.com/platform/external/dng_sdk/+/c40bd5325d326d5cc4f6a5944e0047542361dd58"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-456471290.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"16:0"},{"fixed":"16:2026-04-01"}]}],"versions":["16"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Function","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/3fcb2a5f4f371d3e47aee3d56d0789248ac716c4","deprecated":false,"digest":{"function_hash":"163152872902536377393825292832473725374","length":595},"target":{"file":"core/java/com/android/internal/widget/LocalImageResolver.java","function":"onHeaderDecoded"},"id":"ASB-A-456471290-dcc01e84"},{"signature_type":"Line","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/3fcb2a5f4f371d3e47aee3d56d0789248ac716c4","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["311802817958744169613783294823276224481","189357718234196864289704879659547444652","131097225745498321480127830739941046329","264246961496789808183792632663539740172","191205946031846947260731142679398202158","184246810390066199890375124026568279968","271820447405255305604707319362235295110"]},"target":{"file":"core/java/com/android/internal/widget/LocalImageResolver.java"},"id":"ASB-A-456471290-ec32c592"}],"types":["DoS"],"spl":"2026-04-01","severity":"Critical","fixes":["https://android.googlesource.com/platform/frameworks/base/+/3fcb2a5f4f371d3e47aee3d56d0789248ac716c4"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-456471290.json"}},{"package":{"name":"platform/external/dng_sdk","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"16-qpr2:0"},{"fixed":"16-qpr2:2026-04-01"}]}],"versions":["16-qpr2"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Function","signature_version":"v1","source":"https://android.googlesource.com/platform/external/dng_sdk/+/ce9b78475445e0ddae532f13f676e79a07109d80","deprecated":false,"digest":{"function_hash":"247983476148946683277296250507153569546","length":772},"target":{"file":"source/dng_misc_opcodes.cpp","function":"dng_opcode_MapTable::ProcessArea"},"id":"ASB-A-456471290-2cc99a92"},{"signature_type":"Line","signature_version":"v1","source":"https://android.googlesource.com/platform/external/dng_sdk/+/ce9b78475445e0ddae532f13f676e79a07109d80","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["254162864987419516653037546255962976974","174481379245101906330103818219884968188","38818084593025721930813588560192806488","340185059397985687769525146074280437867","86925292005109110440163438978910335476","266795867980431311308635298062714772849","292619745112616878756990209523440410762","241430027009489406701638282265980435329","34460560712277407966214910576293203508","265350394259128308862613924336694060068","121637857954356614220299301086022153187"]},"target":{"file":"source/dng_misc_opcodes.cpp"},"id":"ASB-A-456471290-f29145b4"}],"types":["DoS"],"spl":"2026-04-01","severity":"Critical","fixes":["https://android.googlesource.com/platform/external/dng_sdk/+/ce9b78475445e0ddae532f13f676e79a07109d80"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-456471290.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"16-qpr2:0"},{"fixed":"16-qpr2:2026-04-01"}]}],"versions":["16-qpr2"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Function","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/f130bc90df4f6bb6237cc823824ef13c53b3a2f0","deprecated":false,"digest":{"function_hash":"163152872902536377393825292832473725374","length":595},"target":{"file":"core/java/com/android/internal/widget/LocalImageResolver.java","function":"onHeaderDecoded"},"id":"ASB-A-456471290-3e027da2"},{"signature_type":"Line","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/f130bc90df4f6bb6237cc823824ef13c53b3a2f0","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["311802817958744169613783294823276224481","189357718234196864289704879659547444652","131097225745498321480127830739941046329","264246961496789808183792632663539740172","191205946031846947260731142679398202158","184246810390066199890375124026568279968","271820447405255305604707319362235295110"]},"target":{"file":"core/java/com/android/internal/widget/LocalImageResolver.java"},"id":"ASB-A-456471290-e09659a8"}],"types":["DoS"],"spl":"2026-04-01","severity":"Critical","fixes":["https://android.googlesource.com/platform/frameworks/base/+/f130bc90df4f6bb6237cc823824ef13c53b3a2f0"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-456471290.json"}},{"package":{"name":"platform/external/dng_sdk","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2026-04-01"}]}],"versions":["14"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Line","signature_version":"v1","source":"https://android.googlesource.com/platform/external/dng_sdk/+/e87e58602d36581247f158c6fae5a927267a8954","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["254162864987419516653037546255962976974","174481379245101906330103818219884968188","38818084593025721930813588560192806488","340185059397985687769525146074280437867","86925292005109110440163438978910335476","266795867980431311308635298062714772849","292619745112616878756990209523440410762","241430027009489406701638282265980435329","34460560712277407966214910576293203508","265350394259128308862613924336694060068","121637857954356614220299301086022153187"]},"target":{"file":"source/dng_misc_opcodes.cpp"},"id":"ASB-A-456471290-6764db35"},{"signature_type":"Function","signature_version":"v1","source":"https://android.googlesource.com/platform/external/dng_sdk/+/e87e58602d36581247f158c6fae5a927267a8954","deprecated":false,"digest":{"function_hash":"247983476148946683277296250507153569546","length":772},"target":{"file":"source/dng_misc_opcodes.cpp","function":"dng_opcode_MapTable::ProcessArea"},"id":"ASB-A-456471290-bbabd18f"}],"types":["DoS"],"spl":"2026-04-01","severity":"Critical","fixes":["https://android.googlesource.com/platform/external/dng_sdk/+/e87e58602d36581247f158c6fae5a927267a8954"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-456471290.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2026-04-01"}]}],"versions":["14"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Line","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/097784954bf6d5e80d9759bd3d0db208b014f5ba","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["311802817958744169613783294823276224481","189357718234196864289704879659547444652","131097225745498321480127830739941046329","264246961496789808183792632663539740172","191205946031846947260731142679398202158","184246810390066199890375124026568279968","271820447405255305604707319362235295110"]},"target":{"file":"core/java/com/android/internal/widget/LocalImageResolver.java"},"id":"ASB-A-456471290-03247c38"},{"signature_type":"Function","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/097784954bf6d5e80d9759bd3d0db208b014f5ba","deprecated":false,"digest":{"function_hash":"163152872902536377393825292832473725374","length":595},"target":{"file":"core/java/com/android/internal/widget/LocalImageResolver.java","function":"onHeaderDecoded"},"id":"ASB-A-456471290-675e2242"}],"types":["DoS"],"spl":"2026-04-01","severity":"Critical","fixes":["https://android.googlesource.com/platform/frameworks/base/+/097784954bf6d5e80d9759bd3d0db208b014f5ba"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-456471290.json"}}],"schema_version":"1.7.5"}