76 matches found
A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens
Posted by Seth Jenkins. We recently published an exploit chain for the Google Pixel 9 that demonstrated it was possible to go from a zero-click context to root on Android in just two exploits. The Dolby 0-click vulnerability existed across all of Android, until it was patched in January 2026. Whil...
PT-2026-36924
ITEMS ADDED: Filters Add filter for Atmos PM-5173 Filters Add filter for audio layout PM-5118 Filters Add filters for video, audio, and subtitle codecs PM-5117 Metadata Add support for RottenTomatoes audience and average ratings to Nfo parser PM-5176 Metadata Detect Dolby Atmos PM-4004 Metadata...
A 0-click exploit chain for the Pixel 9 Part 3: Where do we go from here?
Posted by Natalie Silvanovich. While our previous two blog posts provided technical recommendations for increasing the effort required by attackers to develop 0-click exploit chains, our experience finding, reporting and exploiting these vulnerabilities highlighted some broader issues in the Andro...
A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby
Posted by Natalie Silvanovich. Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One effect of this change is increased 0-click attack surface, as efficient analysis often requires message media to...
Exploit for CVE-2025-54957
Dolby Unified Decoder CVE-2025-54957 POC When a file is p...
Zero-click Dolby audio bug lets attackers run code on Android and Windows devices
Researchers from Google’s Project Zero discovered a medium-severity remote code execution (RCE) vulnerability that affects multiple platforms, including Android (Samsung and Pixel devices) and Windows. Remote code execution means an attacker could run programs on your device without your permission...
CVE-2025-54957
An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the DD+ decoder process can occur when a malformed DD+ bitstream is processed. When Evolution data is processed by evopriv.c from the DD+ bitstream, the decoder writes that data into a buffer. The length calculation for a write can...
CVE-2025-54957
An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the DD+ decoder process can occur when a malformed DD+ bitstream is processed. When Evolution data is processed by evopriv.c from the DD+ bitstream, the decoder writes that data into a buffer. The length calculation for a write can...
EUVD-2025-35059
An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the DD+ decoder process can occur when a malformed DD+ bitstream is processed. When Evolution data is processed by evopriv.c from the DD+ bitstream, the decoder writes that data into a buffer. The length calculation for a write can...
CVE-2025-54957
An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the DD+ decoder process can occur when a malformed DD+ bitstream is processed. When Evolution data is processed by evopriv.c from the DD+ bitstream, the decoder writes that data into a buffer. The length calculation for a write can...
CVE-2025-54957
An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the DD+ decoder process can occur when a malformed DD+ bitstream is processed. When Evolution data is processed by evopriv.c from the DD+ bitstream, the decoder writes that data into a buffer. The length calculation for a write can...
CVE-2025-54957
CVE-2025-54957 affects Dolby UDC (Unified Decoder) versions 4.5–4.13 and is triggered while processing a DD+/EMDF payload in the decoder. The root cause is an integer overflow in evo_malloc computing total_size, leading to a too-small allocation, combined with a write loop that can exceed the all...
MITRE CVE-2025-54957: Integer overflow in Dolby Digital Plus audio decoder
Deserialization of untrusted data in Microsoft Windows Codecs Library allows an unauthorized attacker to execute code locally...
PT-2025-42572
Name of the Vulnerable Software and Affected Versions: Dolby UDC versions 4.5 through 4.13. Description: An out-of-bounds write exists in the Dolby Unified Decoder (UDC) when processing malformed Dolby Digital Plus (DD+) bitstreams. The issue occurs in the evo priv.c file during the processing of...
Dolby Digital Plus Audio Decoder Security Vulnerability
Dolby Digital Plus Audio Decoder is an audio codec technology from Dolby Laboratories USA. A security vulnerability exists in Dolby Digital Plus Audio Decoder that stems from an integer overflow that could lead to remote code execution...
EUVD-2017-16322
Malware in sbrugna...
EUVD-2021-26491
Malware in sbrugna...
EUVD-2019-2518
Malware in sbrugna...
EUVD-2024-46687
Malicious code in bioql PyPI...
EUVD-2021-27639
Malicious code in bioql PyPI...