Lucene search

Samsung MobileCVELIST:CVE-2022-27824

HistoryApr 11, 2022 - 7:37 p.m.

CVE-2022-27824

2022-04-1119:37:19

CWE-125

Samsung Mobile

www.cve.org

improper size check

sapefd_parse_meta_description

smr apr-2022 release

out of bounds read

crafted media file

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

17.6%

JSON

Improper size check of in sapefd_parse_meta_DESCRIPTION function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file

CNA Affected

[
  {
    "product": "Samsung Mobile Devices",
    "vendor": "Samsung Mobile",
    "versions": [
      {
        "lessThan": "SMR Apr-2022 Release 1",
        "status": "affected",
        "version": "Q(10), R(11), S(12)",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/securityUpdate.smsb?year=2022&month=4

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

17.6%

JSON

Related for CVELIST:CVE-2022-27824