📄 Samsung Quram DNG Remote Code Execution

A vulnerability exists in Samsung's image decoding library libimagecodec.quram.so responsible for parsing Digital Negatives DNG. A malformed DNG containing oversized IFD entries can cause heap corruption. With precise heap grooming, this condition may lead to remote code execution when the...

CVE-2025-58479

Out-of-bounds read in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory...

CVE-2025-58480

Heap-based buffer overflow in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory...

CVE-2025-58478

The CVE-2025-58478 vulnerability is an out-of-bounds write in libimagecodec.quram.so, reported to exist prior to the Samsung SMR Dec-2025 Release 1. The issue permits remote access to out-of-bounds memory on affected Samsung devices. Connected sources corroborate the affected component and generi...

EUVD-2025-200140

Out-of-bounds write in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory...

CVE-2025-58477

CVE-2025-58477 describes an out-of-bounds write in parsing the IFD tag in libimagecodec.quram.so on Samsung mobile devices. The root cause is likely improper bounds checking during IFD tag parsing, enabling a remote attacker to access memory outside expected bounds. The documented remediation is ...

PT-2025-48598

Heap-based buffer overflow in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory...

CVE-2025-21074

Out-of-bounds read in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory...

CVE-2025-21074

Out-of-bounds read in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory...

CVE-2025-21075

Out-of-bounds write in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory...

CVE-2025-21055

Out-of-bounds read and write in libimagecodec.quram.so prior to SMR Oct-2025 Release 1 allows remote attackers to access out-of-bounds memory...

CVE-2025-21055

Out-of-bounds read and write in libimagecodec.quram.so prior to SMR Oct-2025 Release 1 allows remote attackers to access out-of-bounds memory...

CVE-2025-21043

Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code...

CVE-2025-21042

Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code...

CVE-2025-21042

Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code...

CVE-2025-21043

Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code...

CVE-2025-21042

Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code...

PT-2025-37296

Name of the Vulnerable Software and Affected Versions Samsung Galaxy devices versions prior to April 2025 Security Maintenance Release SMR Apr-2025 Release 1 Samsung Galaxy S10e not affected Samsung Galaxy S22, S23, S24 Samsung Galaxy Z Fold4 Samsung Galaxy Z Flip4 Description A critical...