📄 Samsung QuramDng Embedded DNG Out-Of-Bounds Read / Write

This proof of concept demonstrates an out-of-bounds read / write vulnerability in Samsung's QuramDng image parser, affecting Galaxy S22–S25 devices running One UI 6+. By crafting a malformed DNG that abuses the OpcodeList1 specifically the FixBadPixelsList opcode and embedding it inside a JPEG...

CVE-2022-33715

Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 Release 1 allow local attacker to access files of One UI...

📄 Samsung QuramDng Out-Of-Bounds Write

Samsung QuramDng has an invalid LossyJpeg component assumption that leads to an out-of-bounds write. BACKGROUND Samsung Android uses an internal DNG decoding library, QuramDng in libimagecodec.quram.so, to decode images in com.samsung.ipservice and com.samsung.gallery3d. Samsung Gallery will deco...

EUVD-2020-6043

Malware in sbrugna...

EUVD-2022-32076

Malicious code in bioql PyPI...

EUVD-2025-27691

Malicious code in bioql PyPI...

EUVD-2022-30457

Malicious code in bioql PyPI...

EUVD-2024-34941

Malicious code in bioql PyPI...

EUVD-2023-35078

Malicious code in bioql PyPI...

EUVD-2023-35077

Malicious code in bioql PyPI...

EUVD-2022-36754

Malicious code in bioql PyPI...

CVE-2025-21032

Improper access control in One UI Home prior to SMR Sep-2025 Release 1 allows physical attackers to bypass Kiosk mode under limited conditions...

CVE-2025-21032

Improper access control in One UI Home prior to SMR Sep-2025 Release 1 allows physical attackers to bypass Kiosk mode under limited conditions...

CVE-2025-21032

Improper access control in One UI Home prior to SMR Sep-2025 Release 1 allows physical attackers to bypass Kiosk mode under limited conditions...

CVE-2025-21032

Improper access control in One UI Home prior to SMR Sep-2025 Release 1 allows physical attackers to bypass Kiosk mode under limited conditions...

CVE-2025-21032

Improper access control in One UI Home prior to SMR Sep-2025 Release 1 allows physical attackers to bypass Kiosk mode under limited conditions...

CVE-2025-21032

CVE-2025-21032 affects Samsung One UI Home prior to SMR Sep-2025 Release 1, with an improper access control risk that can allow a physical attacker to bypass Kiosk mode under limited conditions. Root cause is access-control weakness in One UI Home, as described across multiple sources (Red Hat ad...

CVE-2024-34642

Improper authorization in One UI Home prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access sensitive information...

CVE-2023-30714

Improper authorization vulnerability in FolderContainerDragDelegate in One UI Home prior to SMR Sep-2023 Release 1 allows physical attackers to change some settings of the folder lock...

CVE-2023-30713

Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-2023 Release 1 allows local attackers to change some settings of the folder lock...