Description
In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-04-06
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch ASAP
AI Analysis

Impact

A vulnerability in the LocalImageResolver module of Android can cause persistent denial of service through resource exhaustion when processing image headers. This flaw allows an attacker to repeatedly trigger the onHeaderDecoded function, depleting system resources until normal operation is impaired. It is classified as a resource exhaustion weakness and does not require elevated privileges or user interaction.

Affected Systems

The flaw resides in Google Android systems. Specific affected releases are not enumerated in the data, so all currently deployed Android versions may be susceptible until a patch is released by Google.

Risk and Exploitability

The CVSS score of 6.2 indicates moderate severity. With no EPSS data and absence from the CISA KEV list, immediate exploitation risk appears low, but a local attacker can loop the exploit to degrade service availability. The impact is strictly local denial of service, and there are no known workarounds or mitigation techniques besides applying the vendor patch.

Generated by OpenCVE AI on April 7, 2026 at 02:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Android security patch that addresses the LocalImageResolver denial‑of‑service issue
  • Monitor Google security bulletins for an upcoming patch if one is not yet available

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 09:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Google; Google android |
| Vendors & Products | | Google; Google android |

Tue, 07 Apr 2026 08:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Persistent Denial of Service via Resource Exhaustion in LocalImageResolver |

Mon, 06 Apr 2026 20:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Weaknesses | | CWE-400 |
| References | | |
| Metrics | | cvssV3_1: {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


MITRE

Status: PUBLISHED

Assigner: google_android

Published:

Updated: 2026-04-06T18:39:43.404Z

Reserved: 2025-10-15T15:39:42.902Z

Link: CVE-2026-0049

Vulnrichment

Updated: 2026-04-06T18:39:33.329Z

NVD

Status: Awaiting Analysis

Published: 2026-04-06T19:16:26.280

Modified: 2026-04-07T13:20:11.643

Link: CVE-2026-0049

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-07T09:37:47Z

Weaknesses