Lucene search
K

74 matches found

ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-21048

Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory...

8.3CVSS6AI score0.00379EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2026/02/18 12:0 a.m.268 views

📄 Samsung QuramDng Malformed DNG TrimBounds Opcode Out‑Of‑Bounds Read

A vulnerability exists in the image decoding logic of Quram DNG parser within libimagecodec.quram.so. The flawed bounds validation in handling TrimBounds opcode triggers out-of-bounds reads on heap-allocated image buffers. This issue allows remote attackers to craft a malicious DNG payload, embed...

7.5CVSS6.5AI score0.00271EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/02/09 12:0 a.m.206 views

📄 Samsung QuramDNG Type Confusion Detector Vulnerability Scanner

This C++ scanner analyzes DNG Digital Negative files for the CVE-2025-58478 type confusion vulnerability in the libimagecodec.quram.so library used on Samsung devices...

7.5CVSS5.5AI score0.0022EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/02/09 12:0 a.m.166 views

📄 Samsung Quram DNG TrimBounds Out-Of-Bounds Read

A vulnerability exists in the image decoding logic of Quram DNG parser within libimagecodec.quram.so. The flawed bounds validation in handling TrimBounds opcode triggers out-of-bounds reads on heap-allocated image buffers. This issue allows remote attackers to craft a malicious DNG payload, embed...

7.5CVSS6.5AI score0.00271EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/02/09 12:0 a.m.194 views

📄 Samsung Quram DNG Advanced Remote Code Execution

This proof of concept uses an advanced exploitation technique that allows a remote attacker to execute arbitrary code on a target device by carefully controlling and manipulating memory in the target application or library. This technique is particularly used against memory-sensitive libraries li...

7.5CVSS6.2AI score0.00274EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/02/09 12:0 a.m.167 views

📄 Samsung Quram DNG Heap Corruption

Samsung devices utilize Quram's DNG decoder. A malformed ScalePerColumn opcode with oversized areaSpec and extreme pitches leads to arithmetic overflow in the per-column scaling loop. After allocation miscalculation, subsequent writes corrupt heap structures. Carefully crafted payloads enable...

9.8CVSS5.6AI score0.01435EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/02/09 12:0 a.m.276 views

📄 Samsung Quram DNG Remote Code Execution

A vulnerability exists in Samsung's image decoding library libimagecodec.quram.so responsible for parsing Digital Negatives DNG. A malformed DNG containing oversized IFD entries can cause heap corruption. With precise heap grooming, this condition may lead to remote code execution when the...

9.8CVSS6.4AI score0.01435EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2026/01/09 8:40 a.m.7 views

CVE-2022-26092

Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows arbitrary code execution...

7.8CVSS7.2AI score0.00134EPSS
Exploits0References1
NVD
NVD
added 2026/01/09 7:16 a.m.7 views

CVE-2026-20973

Out-of-bounds read in libimagecodec.quram.so prior to SMR Jan-2026 Release 1 allows remote attacker to access out-of-bounds memory...

9.1CVSS0.00393EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2026/01/09 6:16 a.m.3 views

CVE-2026-20973

Out-of-bounds read in libimagecodec.quram.so prior to SMR Jan-2026 Release 1 allows remote attacker to access out-of-bounds memory...

5.3CVSS6.4AI score0.00393EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:16 a.m.7 views

CVE-2022-27821

Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via crafted image file...

5.5CVSS6.7AI score0.00267EPSS
Exploits0References1
GoogleProjectZero
GoogleProjectZero
added 2025/12/12 12:0 a.m.17 views

A look at an Android ITW DNG exploit

Posted by Benoît Sevens, Google Threat Intelligence Group Introduction Between July 2024 and February 2025, 6 suspicious image files were uploaded to VirusTotal. Thanks to a lead from Meta, these samples came to the attention of Google Threat Intelligence Group. Investigation of these images show...

9.8CVSS7.8AI score0.11606EPSS
Exploits1
NVD
NVD
added 2025/12/02 2:15 a.m.4 views

CVE-2025-58480

Heap-based buffer overflow in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory...

7.5CVSS0.00223EPSS
Exploits1References1
NVD
NVD
added 2025/12/02 2:15 a.m.15 views

CVE-2025-58479

Out-of-bounds read in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory...

7.5CVSS0.00234EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/12/02 1:24 a.m.16 views

CVE-2025-58480

Heap-based buffer overflow in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory...

4.3CVSS0.00223EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/02 1:24 a.m.6 views

EUVD-2025-200140

Out-of-bounds write in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory...

4.3CVSS6.4AI score0.0022EPSS
Exploits2References2
CVE
CVE
added 2025/12/02 1:24 a.m.11 views

CVE-2025-58478

The CVE-2025-58478 vulnerability is an out-of-bounds write in libimagecodec.quram.so, reported to exist prior to the Samsung SMR Dec-2025 Release 1. The issue permits remote access to out-of-bounds memory on affected Samsung devices. Connected sources corroborate the affected component and generi...

7.5CVSS6.5AI score0.0022EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2025/12/02 1:24 a.m.14 views

CVE-2025-58477

CVE-2025-58477 describes an out-of-bounds write in parsing the IFD tag in libimagecodec.quram.so on Samsung mobile devices. The root cause is likely improper bounds checking during IFD tag parsing, enabling a remote attacker to access memory outside expected bounds. The documented remediation is ...

6.5CVSS6.5AI score0.0022EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/02 12:0 a.m.5 views

PT-2025-48598

Heap-based buffer overflow in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory...

4.3CVSS7.3AI score0.00223EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2025/12/02 12:0 a.m.229 views

📄 Android 13 Quram DNG Codec Memory Corruption

An out-of-bounds read/write vulnerability in Samsung's Quram image codec library libimagecodec.quram.so is triggered when the library processes a maliciously crafted image file, causing memory access outside the intended buffer boundaries...

7.5CVSS7.1AI score0.00274EPSS
Exploits2
Rows per page
Query Builder