3 matches found
Samsung Qmage codec for Android Skia library does not properly validate image files
Overview The Samsung Qmage codec used in the Android Skia library does not properly validate image files. A number of memory corruption vulnerabilities allow an attacker to execute arbitrary code by causing a vulnerable system to parse a Qmage file. Description The Samsung May 2020 Android Securi...
CVE-2020-8899
There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O8.x, P9.0 and Q10.0. An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram image codec leading to an...
CVE-2020-8899
CVE-2020-8899 covers a buffer/heap overflow in Samsung’s Quram qmg (Qmage) codec used by Android Skia, affecting O(8.x), P(9.0), and Q(10.0). An unauthenticated MMS can trigger an RCE via a heap-based overflow in the Quram/QMG image decoding path (QMG/QM formats), with Project Zero documenting th...