Date: 2025-10-20

SecurityWeek reports that Dolby's Unified Decoder, a software/hardware component for audio format processing, is affected by a high-severity out-of-bounds write flaw, tracked as CVE-2025-54957, which could be exploited in zero-click intrusions.

Threat actors could exploit the vulnerability, which stems from improper processing of evolution data, by sending malicious audio messages to achieve remote code execution, according to Google Project Zero researchers Ivan Fratric and Natalie Silvanovich, who discovered the issue.

"The decoder writes evolution information into a large, heap-like contiguous buffer contained by a larger struct, and the length calculation for one write can overflow due to integer wrap. This can allow later members of the struct to be overwritten, including a pointer that is written to when the next syncframe is processed," said Silvanovich, who also noted potential abuse of the bug without any user interaction on Android devices.

Google has already addressed the flaw as part of its latest ChromeOS patches, while Microsoft included a fix in this month's Patch Tuesday.