12 matches found
CVE-2026-20973
Out-of-bounds read in libimagecodec.quram.so prior to SMR Jan-2026 Release 1 allows remote attacker to access out-of-bounds memory...
A look at an Android ITW DNG exploit
Posted by Benoît Sevens, Google Threat Intelligence Group Introduction Between July 2024 and February 2025, 6 suspicious image files were uploaded to VirusTotal. Thanks to a lead from Meta, these samples came to the attention of Google Threat Intelligence Group. Investigation of these images show...
CVE-2025-21074
CVE-2025-21074 affects the Quram DNG parser in libimagecodec.quram.so. The root cause is flawed bounds validation on the TrimBounds opcode, leading to out-of-bounds reads on heap-allocated image buffers. Reported impact includes remote crashes, ASLR information leakage, and, per a PacketStorm wri...
EUVD-2021-12242
Malware in sbrugna...
CVE-2025-21042
Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code...
CVE-2021-25346
A possible arbitrary memory overwrite vulnerabilities in quram library version prior to SMR Jan-2021 Release 1 allow arbitrary code execution...
CVE-2024-34663
Integer overflow in libSEF.quram.so prior to SMR Oct-2024 Release 1 allows local attackers to write out-of-bounds memory...
CVE-2021-25346
A possible arbitrary memory overwrite vulnerabilities in quram library version prior to SMR Jan-2021 Release 1 allow arbitrary code execution...
CVE-2021-25346
A possible arbitrary memory overwrite vulnerabilities in quram library version prior to SMR Jan-2021 Release 1 allow arbitrary code execution...
CVE-2021-25346
CVE-2021-25346 affects Samsung quram library, with vulnerable versions prior to SMR Jan-2021 Release 1. The root cause is an arbitrary memory overwrite that can lead to arbitrary code execution. Publicly documented impact aligns with memory corruption in quram components; Samsung has released sec...
CVE-2021-25346
A possible arbitrary memory overwrite vulnerabilities in quram library version prior to SMR Jan-2021 Release 1 allow arbitrary code execution...
CVE-2020-8899 Memory corruption in Quram library when decoding qmg can lead to RCE
There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O8.x, P9.0 and Q10.0. An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram image codec leading to an...