CVE-2025-54957

EUVD-2025-35059
An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the DD+ decoder process can occur when a malformed DD+ bitstream is processed. When Evolution data is processed by evo_priv.c from the DD+ bitstream, the decoder writes that data into a buffer. The length calculation for a write can overflow due to an integer wraparound. This can lead to the allocated buffer being too small, and the out-of-bounds check of the subsequent write to be ineffective, leading to an out-of-bounds write.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 9%
Windows Releases
Platform
Version
Windows 10
(x64, x86)
KB5066837
1607 (x64, x86)
KB5066836
1809 (x64, x86)
KB5066586
21H2 (arm64, x64, x86)
KB5066791
22H2 (arm64, x64, x86)
KB5066791
Windows 11
22H2 (arm64, x64)
KB5066793
23H2 (arm64, x64)
KB5066793
24H2 (arm64, x64)
KB5066835
25H2 (arm64, x64)
KB5066835
Windows Server 2016
Server Core
KB5066836
Standard
KB5066836
Windows Server 2019
Server Core
KB5066586
Standard
KB5066586
Windows Server 2022
23H2 Server Core
KB5066780
Server Core
KB5066782
Standard
KB5066782
Windows Server 2025
Server Core
KB5066835
Standard
KB5066835
Common Weakness Enumeration
References
https://professional.dolby.com/siteassets/pdfs/dolby-security-advisory-CVE-2025-54957-Oct-14-25.pdf
https://project-zero.issues.chromium.org/issues/428075495
https://projectzero.google/2026/01/pixel-0-click-part-1.html