73 matches found
📄 Samsung QuramDng Malformed DNG TrimBounds Opcode Out‑Of‑Bounds Read
A vulnerability exists in the image decoding logic of the Quram DNG parser within libimagecodec.quram.so. Flawed bounds validation in the handling of the TrimBounds opcode triggers out-of-bounds reads on heap-allocated image buffers. This issue allows remote attackers to craft a malicious DNG payload, embed...
📄 Samsung Quram DNG Heap Corruption
Samsung devices utilize Quram's DNG decoder. A malformed ScalePerColumn opcode with oversized areaSpec and extreme pitches leads to arithmetic overflow in the per-column scaling loop. After allocation miscalculation, subsequent writes corrupt heap structures. Carefully crafted payloads enable...
📄 Samsung Quram DNG Advanced Remote Code Execution
This proof of concept uses an advanced exploitation technique that allows a remote attacker to execute arbitrary code on a target device by carefully controlling and manipulating memory in the target application or library. This technique is particularly used against memory-sensitive libraries li...
📄 Samsung QuramDNG Type Confusion Detector Vulnerability Scanner
This C++ scanner analyzes DNG (Digital Negative) files for the CVE-2025-58478 type confusion vulnerability in the libimagecodec.quram.so library used on Samsung devices...
📄 Samsung Quram DNG Remote Code Execution
A vulnerability exists in Samsung's image decoding library libimagecodec.quram.so, which is responsible for parsing Digital Negative (DNG) files. A malformed DNG containing oversized IFD entries can cause heap corruption. With precise heap grooming, this condition may lead to remote code execution when the...
📄 Samsung Quram DNG TrimBounds Out-Of-Bounds Read
A vulnerability exists in the image decoding logic of the Quram DNG parser within libimagecodec.quram.so. Flawed bounds validation in the handling of the TrimBounds opcode triggers out-of-bounds reads on heap-allocated image buffers. This issue allows remote attackers to craft a malicious DNG payload, embed...
CVE-2022-26092
Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows arbitrary code execution...
CVE-2026-20973
Out-of-bounds read in libimagecodec.quram.so prior to SMR Jan-2026 Release 1 allows remote attacker to access out-of-bounds memory...
CVE-2022-27821
Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via crafted image file...
A look at an Android ITW DNG exploit
Posted by Benoît Sevens, Google Threat Intelligence Group. Introduction: Between July 2024 and February 2025, 6 suspicious image files were uploaded to VirusTotal. Thanks to a lead from Meta, these samples came to the attention of Google Threat Intelligence Group. Investigation of these images show...
CVE-2025-58479
Out-of-bounds read in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory...
CVE-2025-58480
Heap-based buffer overflow in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory...
CVE-2025-58478
The CVE-2025-58478 vulnerability is an out-of-bounds write in libimagecodec.quram.so, reported to exist prior to the Samsung SMR Dec-2025 Release 1. The issue permits remote access to out-of-bounds memory on affected Samsung devices. Connected sources corroborate the affected component and generi...
EUVD-2025-200140
Out-of-bounds write in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory...
CVE-2025-58477
CVE-2025-58477 describes an out-of-bounds write in parsing the IFD tag in libimagecodec.quram.so on Samsung mobile devices. The root cause is likely improper bounds checking during IFD tag parsing, enabling a remote attacker to access memory outside expected bounds. The documented remediation is ...
📄 Android 13 Quram DNG Codec Memory Corruption
An out-of-bounds read/write vulnerability in Samsung's Quram image codec library libimagecodec.quram.so is triggered when the library processes a maliciously crafted image file, causing memory access outside the intended buffer boundaries...
PT-2025-48598
Heap-based buffer overflow in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory...
CVE-2025-21074
Out-of-bounds read in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory...