Pixel 9 0-Click Exploit: Dolby CVE Exposed

A single SMS audio file. Zero taps. Full code execution on Pixel 9. Project Zero didn't just find bugs—they chained them into a nightmare for Android's vaunted security.


Key Takeaways

  • Project Zero chained Dolby decoder RCE to kernel priv-esc on Pixel 9 via SMS audio—no user interaction.
  • Dolby's skip buffer in DD+ allows spec-compliant overflows, hitting most Androids with UDC blobs.
  • AI features like auto-transcription massively expand 0-click surface; media vulns demand priority fixes.

CVE-2025-54957 hits the Dolby Unified Decoder on most Android phones today. That’s not hype; it’s the reality Project Zero just laid bare in their Pixel 9 takedown.

And here’s the kicker: this vuln lets attackers slip arbitrary code into the mediacodec sandbox via nothing more than an incoming RCS audio attachment in Google Messages. No user opening required. Audio transcription fires up automatically, decoding hits, boom—exploitation city.

How Did Dolby’s Skip Buffer Turn into a Backdoor?

Picture this: DD+ audio syncframes, each packing up to six audio blocks. The spec allows that. But the ‘skiple’ bit? Set it, and the decoder slurps up to 511 bytes (0x1FF) of attacker-controlled bitstream straight into a skip buffer. That’s EMDF territory: Extensible Metadata Delivery Format, synced on ‘X8’.

The parser chugs through variable_bits, extending fields like emdf_version or key_id when they max out. It’s a loop waiting to be abused. Feed it a crafted payload, overflow that buffer, and you’ve got code exec in mediacodec context. Ivan Fratric and the team mapped it perfectly.

“The vulnerabilities discussed in these posts were fixed as of January 5, 2026.”

Google patched it quick—good on them—but the damage? Already done in the wild, probably. Vendors ship this Dolby blob statically linked into libcodec2_soft_ddpdec.so on Pixel 9. No symbols, black box decoding. It’s like handing attackers a loaded gun wrapped in proprietary foil.

Sandboxed? Sure. Useful? Hell yes.

Why Does a Media Decoder RCE Even Matter?

Skeptics in the security crowd—and I’ve heard ‘em—huffed that mediacodec exploits are toy problems. “Well-resourced attackers only,” they say. Project Zero called bullshit with a full chain: decoder RCE to kernel via CVE-2025-36934 in a sandbox-accessible driver. Part 2 details that escalation. Part 3? Lessons for the OEMs still dragging their feet on media vulns.

Think back to Stagefright, 2015. MMS media parsers ate the world—millions pwned remotely. History rhymes hard here. AI features like auto-transcription bloated the 0-click surface, decoding media pre-open. Monkey’s Audio on Samsungs fell first (CVE-2025-49415), now Dolby everywhere. Architectural shift? Phones aren’t just calling devices; they’re always-on AI analyzers, inviting bitstream bombs.

But Project Zero’s real flex? Proving practicality. They targeted Pixel 9, Google’s fortress—Tensor G4, hardened kernel, the works. Still folded. That’s your data point: even top-tier Android crumbles when media decoders meet sloppy parsing.

It’s not just an RCE; it’s a primer on why statically linked blobs from third parties (Dolby, cough) are a vendor nightmare. No source means blind patching. And that skip buffer? A spec-compliant overflow, because nothing stops variable_bits from looping forever on junk input.

Is Pixel 9’s Kernel Driver the Real Weak Link?

Part 2 teases CVE-2025-36934: mediacodec sandbox chats with a vulnerable driver. Seth Jenkins dug in. Escalate from userland decoder to ring 0. Full chain, 0-click. No phishing, no app installs—just a message.

Here’s my own take, which isn’t in their post: this echoes the Qualcomm GPU driver sagas of yore, but stealthier. Back then, it was explicit renderer bugs. Now it’s implicit trust in sandboxed media paths leaking through to hardware. Prediction: by 2027, we’ll see OEMs mandating open-source decoders or dynamic analysis tools. Dolby’s blob model? Dead weight in a post-Project Zero world. As for Google’s spin: they tout “automatic updates,” but these fixes land in vendor/lib64, and carriers delay those, always.

A quick aside: I’ve poked at Samsung’s Monkey’s Audio, and it’s the same vibe. Bitstream parsers love unbounded copies. Fix one, three more pop up. Vendors questioning exploitability? Watch the chain.

Attackers win on volume now. NSAs aside, script kiddies with SMS blasters could probe.

What Platforms Get Wrong About 0-Click Defense

Android’s mitigations—ASLR, PAC, shadow call stack—held up-ish, but gaps yawned. Media sandbox? Porous. Drivers? Exposed. iOS does better with XNU lockdowns, but Android’s fragmentation kills it. Pixels first, but “most Androids” carry UDC.

Deep dive: the variable_bits pseudocode is a do-while loop keyed on a read_more bit that shifts the accumulated value every round. Set emdf_payload_id to 0x1F and the extension keeps running for as long as the input says it should, which is how the EMDF container balloons past the skip buffer and turns into out-of-bounds reads and writes. RELRO bypassed? Heap feng shui. They did it.
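To make the two parsing points concrete (the skip field described in the section above, and the variable_bits loop described here), here is a bounded C parser for both. This is an added example written for this article; it is not code from the article, from Dolby’s decoder, or from Project Zero’s posts. The field layouts (skiple flag, 9-bit skipl, EMDF syncword 0x5838, then emdf_version, key_id and emdf_payload_id with their variable_bits extensions) follow the public ETSI TS 102 366 definitions as I understand them, so treat that layout as an assumption. The caps VB_MAX_ROUNDS and VB_MAX_VALUE, every function name, and the sample byte strings are constructed for this example. The point is the two checks a decoder needs at exactly these spots: skipl is compared against the bytes actually left in the frame and against the skip buffer before any copy, and variable_bits refuses to run past a fixed round count or value instead of growing a field for as long as the input keeps the read_more bit set.

```c
/* Bounded parser for the DD+ skip field and the EMDF container header. Illustrative
 * hardened code written for this article: not Dolby's decoder, not Project Zero's code.
 * Field layouts follow the public ETSI TS 102 366 definitions as I understand them (assumption). */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EMDF_SYNCWORD 0x5838u   /* ASCII "X8" */
#define SKIPL_BITS    9         /* skipl is 9 bits: 0..511 (0x1FF) */
#define SKIPBUF_LEN   512       /* holds any spec-legal skipl */
#define VB_MAX_ROUNDS 4         /* cap on variable_bits continuation rounds (constructed) */
#define VB_MAX_VALUE  0xFFFFu   /* cap on any extended field value (constructed) */

typedef struct { const uint8_t *data; size_t len_bits; size_t pos; bool overrun; } bitreader_t;
typedef struct { uint32_t emdf_version, key_id, emdf_payload_id; } emdf_hdr_t;

/* MSB-first read of n bits. Never reads past the buffer; sets overrun instead. */
static uint32_t br_read(bitreader_t *br, unsigned n) {
    uint32_t v = 0;
    for (unsigned i = 0; i < n; i++) {
        if (br->pos >= br->len_bits) { br->overrun = true; return 0; }
        v = (v << 1) | ((br->data[br->pos >> 3] >> (7 - (br->pos & 7))) & 1u);
        br->pos++;
    }
    return v;
}

/* variable_bits(n): read n bits, then a read_more bit; while read_more is set, shift and
 * read another group. Unbounded, the value grows for as long as the input keeps the bit
 * set; here both the round count and the value are capped. Returns -1 on reject. */
static int64_t variable_bits_bounded(bitreader_t *br, unsigned n) {
    uint64_t value = 0;
    unsigned rounds = 0;
    uint32_t read_more;
    do {
        if (++rounds > VB_MAX_ROUNDS) return -1;
        value += br_read(br, n);
        read_more = br_read(br, 1);
        if (br->overrun) return -1;
        if (read_more) { value <<= n; value += (1u << n); }
        if (value > VB_MAX_VALUE) return -1;
    } while (read_more);
    return (int64_t)value;
}

/* Read the skip field (skiple flag, 9-bit skipl, then skipl bytes) into skipbuf. Rejects a
 * skipl larger than the bytes left in the frame or than skipbuf. Returns bytes copied or -1. */
int parse_skip_field_bytes(const uint8_t *buf, size_t len, uint8_t *skipbuf, size_t skipbuf_len) {
    bitreader_t br = { buf, len * 8, 0, false };
    uint32_t skiple = br_read(&br, 1);
    if (br.overrun) return -1;
    if (!skiple) return 0;                        /* no skip field in this frame */
    uint32_t skipl = br_read(&br, SKIPL_BITS);
    if (br.overrun) return -1;
    size_t remaining = (br.len_bits - br.pos) / 8;
    if (skipl > remaining || skipl > skipbuf_len) return -1;   /* the bound that matters */
    for (uint32_t i = 0; i < skipl; i++) skipbuf[i] = (uint8_t)br_read(&br, 8);
    return (int)skipl;
}

/* Parse the EMDF syncword, emdf_version, key_id and the first emdf_payload_id, each with
 * its variable_bits extension when the field is at its maximum. Returns 0 or -1. */
int parse_emdf_header_bytes(const uint8_t *buf, size_t len, emdf_hdr_t *out) {
    bitreader_t br = { buf, len * 8, 0, false };
    int64_t ext;
    if (br_read(&br, 16) != EMDF_SYNCWORD) return -1;
    out->emdf_version = br_read(&br, 2);
    if (out->emdf_version == 3) { if ((ext = variable_bits_bounded(&br, 2)) < 0) return -1; out->emdf_version += (uint32_t)ext; }
    out->key_id = br_read(&br, 3);
    if (out->key_id == 7) { if ((ext = variable_bits_bounded(&br, 3)) < 0) return -1; out->key_id += (uint32_t)ext; }
    out->emdf_payload_id = br_read(&br, 5);
    if (out->emdf_payload_id == 0x1F) { if ((ext = variable_bits_bounded(&br, 5)) < 0) return -1; out->emdf_payload_id += (uint32_t)ext; }
    return br.overrun ? -1 : 0;
}

/* Wrappers returning plain values; -1 means the input was rejected. */
int64_t emdf_payload_id_of(const uint8_t *buf, size_t len) {
    emdf_hdr_t h;
    return parse_emdf_header_bytes(buf, len, &h) == 0 ? (int64_t)h.emdf_payload_id : -1;
}
int64_t skip_then_emdf_payload_id(const uint8_t *buf, size_t len) {
    uint8_t skipbuf[SKIPBUF_LEN];
    int n = parse_skip_field_bytes(buf, len, skipbuf, sizeof skipbuf);
    return n < 0 ? -1 : emdf_payload_id_of(skipbuf, (size_t)n);
}

/* Constructed sample bitstreams, hand-packed for this example (not captured data). */
static const uint8_t EMDF_PLAIN[]     = { 0x58, 0x38, 0x01, 0x40 };                    /* payload_id 5 */
static const uint8_t EMDF_EXTENDED[]  = { 0x58, 0x38, 0x07, 0xC6 };                    /* 0x1F + 3 = 34 */
static const uint8_t EMDF_RUNAWAY[]   = { 0x58, 0x38, 0x07, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; /* read_more never clears */
static const uint8_t SKIP_THEN_EMDF[] = { 0x81, 0x16, 0x0E, 0x00, 0x50, 0x00 };        /* skipl=4 wrapping EMDF_PLAIN */
static const uint8_t SKIP_OVERSIZED[] = { 0xFF, 0xC0, 0x00, 0x00 };                    /* skipl=511, 2 bytes left */

int main(void) {
    printf("plain %lld extended %lld runaway %lld\n", (long long)emdf_payload_id_of(EMDF_PLAIN, sizeof EMDF_PLAIN),
           (long long)emdf_payload_id_of(EMDF_EXTENDED, sizeof EMDF_EXTENDED), (long long)emdf_payload_id_of(EMDF_RUNAWAY, sizeof EMDF_RUNAWAY));
    printf("skip+emdf %lld oversized %lld\n", (long long)skip_then_emdf_payload_id(SKIP_THEN_EMDF, sizeof SKIP_THEN_EMDF),
           (long long)skip_then_emdf_payload_id(SKIP_OVERSIZED, sizeof SKIP_OVERSIZED));
    return 0;
}
```

The runaway sample is the shape the text describes: a payload id of 0x1F followed by groups whose read_more bit is always set. With the caps in place the parser rejects it on the third round, before the value could ever be used as a size or an index; the oversized sample advertises a 511-byte skip field in a frame with two bytes left and is refused before any copy. Which caps are right for a real decoder depends on what the fields are used for downstream; the values here are placeholders chosen for the example.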

PR spin from Mountain View ignores the why: rushing AI features without auditing decoders. Transcription’s cool, till it’s a trojan horse.

Pixels were updated in Jan 2026. Others? Check your vendor.



Frequently Asked Questions

What is CVE-2025-54957 in Pixel 9?

Dolby Unified Decoder buffer overflow via crafted DD+ audio in Google Messages—0-click RCE in mediacodec.

Can 0-click exploits still hit updated Pixel 9?

No, fixed Jan 2026 patches seal it—but unpatched devices worldwide remain at risk.

Why do audio decoders enable Android 0-click attacks?

Auto-transcription decodes RCS/SMS media pre-open, bloating attack surface with parser bugs.

Written by Marcus Rivera

Tech journalist covering AI business and enterprise adoption. 10 years in B2B media.



Originally reported by Google Project Zero
