{"id":41395,"date":"2026-02-18T11:48:35","date_gmt":"2026-02-18T11:48:35","guid":{"rendered":"http:\/\/localhost\/?p=41395"},"modified":"2026-02-18T11:48:35","modified_gmt":"2026-02-18T11:48:35","slug":"samsung-quramdng-type-confusion-detector-vulnerability-scanner","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=41395","title":{"rendered":"\ud83d\udcc4 Samsung QuramDNG Type Confusion Detector Vulnerability Scanner_PACKETSTORM:215827"},"content":{"rendered":"

{“lastseen”:”2026-02-18T17:32:28″,”description”:”This C++ scanner analyzes DNG Digital Negative files for the CVE-2025-58478 type confusion vulnerability in the libimagecodec.quram.so library used on Samsung devices…”,”published”:”2026-02-18T00:00:00″,”modified”:”2026-02-18T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Samsung QuramDNG Type Confusion Detector Vulnerability Scanner”,”source”:””,”references”:””,”id”:”PACKETSTORM:215827″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-58478″],”sourceData”:”=============================================================================================================================================\\n | # Title : Samsung QuramDNG Type Confusion Detector Vulnerability Scanner |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 147.0.1 (64 bits) |\\n | # Vendor : https:\/\/www.samsung.com\/us\/ |\\n =============================================================================================================================================\\n \\n [+] Summary : This C++ scanner analyzes DNG (Digital Negative) files for the CVE-2025-58478 type confusion vulnerability in the libimagecodec.quram.so library used on Samsung devices.\\n \\n [+] Affected Versions :\\n \\n Samsung One UI 6.0 to One UI 8.0\\n \\n Android 14, 15, and 16\\n \\n Observed on Samsung Galaxy S22, S23, S24, and S25 series\\n \\n [+] Key features :\\n \\n Validates DNG\/TIFF headers (Little\/Big Endian).\\n \\n Parses complete IFD chains and entries safely.\\n \\n Inspects high\u2011risk tags including OpcodeList1, BitsPerSample, and SampleFormat.\\n \\n Detects type confusion scenarios where 8\u2011bit unsigned image data is misinterpreted as 32\u2011bit floating\u2011point data by the QuramDNG decoder.\\n \\n Flags malformed opcode structures that may lead to out\u2011of\u2011bounds memory access and potential code execution.\\n \\n Produces a clear vulnerability report with exploit logic, affected components, and mitigation status.\\n \\n [+] Fix Status :\\n \\n Patched in Samsung December 2025 Security Update\\n \\n This tool is intended for defensive security analysis and forensic validation of DNG files on Samsung platforms.\\n \\n [+] POC :\\n \\n #include \\u003ciostream\\u003e\\n #include \\u003cfstream\\u003e\\n #include \\u003cvector\\u003e\\n #include \\u003ccstdint\\u003e\\n #include \\u003ccstring\\u003e\\n #include \\u003ciomanip\\u003e\\n #include \\u003calgorithm\\u003e\\n #include \\u003cunordered_map\\u003e\\n #include \\u003csstream\\u003e\\n \\n class DNGVulnerabilityScanner {\\n private:\\n std::vector\\u003cuint8_t\\u003e fileData;\\n bool littleEndian;\\n bool isTiffValid;\\n bool vulnerabilityFound;\\n \\n public:\\n DNGVulnerabilityScanner() : littleEndian(true), isTiffValid(false), vulnerabilityFound(false) {}\\n \\n bool loadFile(const std::string\\u0026 filename) {\\n std::ifstream file(filename, std::ios::binary);\\n if (!file) {\\n std::cerr \\u003c\\u003c \\”[-] Failed to open file: \\” \\u003c\\u003c filename \\u003c\\u003c std::endl;\\n return false;\\n }\\n \\n file.seekg(0, std::ios::end);\\n size_t size = file.tellg();\\n file.seekg(0, std::ios::beg);\\n \\n if (size == 0) {\\n std::cerr \\u003c\\u003c \\”[-] File is empty\\” \\u003c\\u003c std::endl;\\n return false;\\n }\\n \\n fileData.resize(size);\\n file.read(reinterpret_cast\\u003cchar*\\u003e(fileData.data()), size);\\n \\n std::cout \\u003c\\u003c \\”[+] Loaded file: \\” \\u003c\\u003c filename \\n \\u003c\\u003c \\” (\\” \\u003c\\u003c size \\u003c\\u003c \\” bytes)\\” \\u003c\\u003c std::endl;\\n return true;\\n }\\n \\n bool isVulnerable() const {\\n return vulnerabilityFound;\\n }\\n \\n bool isValidOffset(size_t offset, size_t size = 1) const {\\n return offset \\u003c fileData.size() \\u0026\\u0026 (offset + size) \\u003c= fileData.size();\\n }\\n \\n uint16_t readU16(size_t offset) const {\\n if (!isValidOffset(offset, 2)) return 0;\\n if (littleEndian) {\\n return static_cast\\u003cuint16_t\\u003e(fileData[offset]) | \\n (static_cast\\u003cuint16_t\\u003e(fileData[offset+1]) \\u003c\\u003c 8);\\n }\\n return (static_cast\\u003cuint16_t\\u003e(fileData[offset]) \\u003c\\u003c 8) | \\n static_cast\\u003cuint16_t\\u003e(fileData[offset+1]);\\n }\\n \\n uint32_t readU32(size_t offset) const {\\n if (!isValidOffset(offset, 4)) return 0;\\n if (littleEndian) {\\n return static_cast\\u003cuint32_t\\u003e(fileData[offset]) | \\n (static_cast\\u003cuint32_t\\u003e(fileData[offset+1]) \\u003c\\u003c 8) | \\n (static_cast\\u003cuint32_t\\u003e(fileData[offset+2]) \\u003c\\u003c 16) | \\n (static_cast\\u003cuint32_t\\u003e(fileData[offset+3]) \\u003c\\u003c 24);\\n }\\n return (static_cast\\u003cuint32_t\\u003e(fileData[offset]) \\u003c\\u003c 24) | \\n (static_cast\\u003cuint32_t\\u003e(fileData[offset+1]) \\u003c\\u003c 16) | \\n (static_cast\\u003cuint32_t\\u003e(fileData[offset+2]) \\u003c\\u003c 8) | \\n static_cast\\u003cuint32_t\\u003e(fileData[offset+3]);\\n }\\n \\n float readFloat(size_t offset) const {\\n uint32_t intValue = readU32(offset);\\n float result;\\n std::memcpy(\\u0026result, \\u0026intValue, sizeof(float));\\n return result;\\n }\\n \\n std::string getTagName(uint16_t tag) const {\\n static const std::unordered_map\\u003cuint16_t, std::string\\u003e tagNames = {\\n {254, \\”NewSubFileType\\”},\\n {256, \\”ImageWidth\\”},\\n {257, \\”ImageLength\\”},\\n {258, \\”BitsPerSample\\”},\\n {259, \\”Compression\\”},\\n {262, \\”PhotometricInterpretation\\”},\\n {277, \\”SamplesPerPixel\\”},\\n {279, \\”StripByteCounts\\”},\\n {282, \\”XResolution\\”},\\n {283, \\”YResolution\\”},\\n {284, \\”PlanarConfiguration\\”},\\n {296, \\”ResolutionUnit\\”},\\n {339, \\”SampleFormat\\”},\\n {322, \\”TileWidth\\”},\\n {323, \\”TileLength\\”},\\n {324, \\”TileOffsets\\”},\\n {325, \\”TileByteCounts\\”},\\n {50706, \\”DNGVersion\\”},\\n {50707, \\”DNGBackwardVersion\\”},\\n {50708, \\”UniqueCameraModel\\”},\\n {50709, \\”LocalizedCameraModel\\”},\\n {50710, \\”CFAPlaneColor\\”},\\n {50711, \\”CFALayout\\”},\\n {50712, \\”LinearizationTable\\”},\\n {50713, \\”BlackLevelRepeatDim\\”},\\n {50714, \\”BlackLevel\\”},\\n {50715, \\”BlackLevelDeltaH\\”},\\n {50716, \\”BlackLevelDeltaV\\”},\\n {50717, \\”WhiteLevel\\”},\\n {50718, \\”DefaultScale\\”},\\n {50719, \\”DefaultCropOrigin\\”},\\n {50720, \\”DefaultCropSize\\”},\\n {50827, \\”ActiveArea\\”},\\n {50828, \\”MaskedAreas\\”},\\n {50829, \\”AsShotNeutral\\”},\\n {50931, \\”OriginalRawFileName\\”},\\n {50932, \\”OriginalRawFileData\\”},\\n {50964, \\”AsShotICCProfile\\”},\\n {50965, \\”AsShotPreProfileMatrix\\”},\\n {50966, \\”CurrentICCProfile\\”},\\n {50967, \\”CurrentPreProfileMatrix\\”},\\n {51008, \\”OpcodeList1\\”},\\n {51009, \\”OpcodeList2\\”},\\n {51022, \\”NoiseProfile\\”},\\n };\\n \\n auto it = tagNames.find(tag);\\n if (it != tagNames.end()) return it-\\u003esecond;\\n \\n std::stringstream ss;\\n ss \\u003c\\u003c \\”UnknownTag(0x\\” \\u003c\\u003c std::hex \\u003c\\u003c std::setw(4) \\u003c\\u003c std::setfill(‘0’) \\u003c\\u003c tag \\u003c\\u003c \\”)\\”;\\n return ss.str();\\n }\\n \\n std::string getTypeName(uint16_t type) const {\\n switch(type) {\\n case 1: return \\”BYTE\\”;\\n case 2: return \\”ASCII\\”;\\n case 3: return \\”SHORT\\”;\\n case 4: return \\”LONG\\”;\\n case 5: return \\”RATIONAL\\”;\\n case 6: return \\”SBYTE\\”;\\n case 7: return \\”UNDEFINED\\”;\\n case 8: return \\”SSHORT\\”;\\n case 9: return \\”SLONG\\”;\\n case 10: return \\”SRATIONAL\\”;\\n case 11: return \\”FLOAT\\”;\\n case 12: return \\”DOUBLE\\”;\\n default: return \\”UNKNOWN(\\” + std::to_string(type) + \\”)\\”;\\n }\\n }\\n \\n size_t getTypeSize(uint16_t type) const {\\n switch(type) {\\n case 1: case 2: case 6: case 7: return 1;\\n case 3: case 8: return 2;\\n case 4: case 9: case 11: return 4;\\n case 5: case 10: case 12: return 8;\\n default: return 1; \/\/ Default to 1 byte for unknown types\\n }\\n }\\n \\n bool validateTIFFHeader() {\\n if (fileData.size() \\u003c 8) {\\n std::cerr \\u003c\\u003c \\”[-] File too small for TIFF header\\” \\u003c\\u003c std::endl;\\n return false;\\n }\\n \\n if (fileData[0] == 0x49 \\u0026\\u0026 fileData[1] == 0x49) {\\n littleEndian = true;\\n std::cout \\u003c\\u003c \\”[+] Byte Order: Little Endian (II)\\” \\u003c\\u003c std::endl;\\n } else if (fileData[0] == 0x4D \\u0026\\u0026 fileData[1] == 0x4D) {\\n littleEndian = false;\\n std::cout \\u003c\\u003c \\”[+] Byte Order: Big Endian (MM)\\” \\u003c\\u003c std::endl;\\n } else {\\n std::cerr \\u003c\\u003c \\”[-] Invalid TIFF byte order marker\\” \\u003c\\u003c std::endl;\\n return false;\\n }\\n \\n uint16_t magic = readU16(2);\\n if (magic != 42) {\\n std::cerr \\u003c\\u003c \\”[-] Invalid TIFF magic number: \\” \\u003c\\u003c magic \\u003c\\u003c std::endl;\\n return false;\\n }\\n \\n std::cout \\u003c\\u003c \\”[+] Valid TIFF magic number: \\” \\u003c\\u003c magic \\u003c\\u003c std::endl;\\n isTiffValid = true;\\n return true;\\n }\\n \\n bool parseIFDChain(uint32_t firstIFDOffset) {\\n uint32_t currentIFDOffset = firstIFDOffset;\\n int ifdNumber = 0;\\n bool foundInAnyIFD = false;\\n \\n while (currentIFDOffset != 0 \\u0026\\u0026 ifdNumber \\u003c 10) { \\n bool foundInThisIFD = parseIFD(currentIFDOffset, ifdNumber);\\n if (foundInThisIFD) {\\n foundInAnyIFD = true;\\n }\\n \\n if (!isValidOffset(currentIFDOffset, 2)) {\\n break;\\n }\\n \\n uint16_t entryCount = readU16(currentIFDOffset);\\n size_t nextIFDOffsetPos = currentIFDOffset + 2 + (entryCount * 12);\\n \\n if (!isValidOffset(nextIFDOffsetPos, 4)) {\\n break;\\n }\\n \\n currentIFDOffset = readU32(nextIFDOffsetPos);\\n ifdNumber++;\\n }\\n \\n return foundInAnyIFD;\\n }\\n \\n bool parseIFD(uint32_t ifdOffset, int ifdNumber = 0) {\\n if (!isValidOffset(ifdOffset, 2)) {\\n std::cerr \\u003c\\u003c \\”[-] IFD\\” \\u003c\\u003c ifdNumber \\u003c\\u003c \\” offset out of bounds: 0x\\” \\n \\u003c\\u003c std::hex \\u003c\\u003c ifdOffset \\u003c\\u003c std::dec \\u003c\\u003c std::endl;\\n return false;\\n }\\n \\n uint16_t entryCount = readU16(ifdOffset);\\n std::cout \\u003c\\u003c \\”\\\\n[+] IFD\\” \\u003c\\u003c ifdNumber \\u003c\\u003c \\” at offset 0x\\” \\u003c\\u003c std::hex \\u003c\\u003c ifdOffset\\n \\u003c\\u003c \\” has \\” \\u003c\\u003c std::dec \\u003c\\u003c entryCount \\u003c\\u003c \\” entries\\” \\u003c\\u003c std::endl;\\n \\n size_t entryOffset = ifdOffset + 2;\\n bool foundVulnerabilityInThisIFD = false;\\n \\n for (uint16_t i = 0; i \\u003c entryCount; i++) {\\n if (!isValidOffset(entryOffset, 12)) {\\n std::cerr \\u003c\\u003c \\”[-] IFD entry \\” \\u003c\\u003c i \\u003c\\u003c \\” out of bounds\\” \\u003c\\u003c std::endl;\\n break;\\n }\\n \\n uint16_t tag = readU16(entryOffset);\\n uint16_t type = readU16(entryOffset + 2);\\n uint32_t count = readU32(entryOffset + 4);\\n \\n std::cout \\u003c\\u003c \\”\\\\n [\\” \\u003c\\u003c i \\u003c\\u003c \\”] \\” \\u003c\\u003c getTagName(tag) \\n \\u003c\\u003c \\” (0x\\” \\u003c\\u003c std::hex \\u003c\\u003c tag \\u003c\\u003c \\”)\\” \\u003c\\u003c std::dec \\u003c\\u003c std::endl;\\n std::cout \\u003c\\u003c \\” Type: \\” \\u003c\\u003c getTypeName(type) \\u003c\\u003c \\” (\\” \\u003c\\u003c type \\u003c\\u003c \\”)\\” \\u003c\\u003c std::endl;\\n std::cout \\u003c\\u003c \\” Count: \\” \\u003c\\u003c count \\u003c\\u003c std::endl;\\n \\n bool isVulnerable = handleIFDEntryValue(tag, type, count, entryOffset + 8, ifdNumber);\\n if (isVulnerable) {\\n foundVulnerabilityInThisIFD = true;\\n vulnerabilityFound = true;\\n }\\n \\n entryOffset += 12;\\n }\\n \\n return foundVulnerabilityInThisIFD;\\n }\\n \\n bool handleIFDEntryValue(uint16_t tag, uint16_t type, uint32_t count, \\n size_t valueOffset, int ifdNumber) {\\n size_t typeSize = getTypeSize(type);\\n uint64_t totalSize = static_cast\\u003cuint64_t\\u003e(count) * static_cast\\u003cuint64_t\\u003e(typeSize);\\n bool isVulnerable = false;\\n \\n if (totalSize \\u003c= 4) {\\n \\n std::cout \\u003c\\u003c \\” Value: \\”;\\n printValue(tag, type, count, valueOffset, static_cast\\u003csize_t\\u003e(totalSize), false);\\n } else {\\n \\n uint32_t dataOffset = readU32(valueOffset);\\n std::cout \\u003c\\u003c \\” Data at offset: 0x\\” \\u003c\\u003c std::hex \\u003c\\u003c dataOffset \\n \\u003c\\u003c \\” (size: \\” \\u003c\\u003c std::dec \\u003c\\u003c totalSize \\u003c\\u003c \\” bytes)\\” \\u003c\\u003c std::endl;\\n \\n if (totalSize \\u003e 1048576) { \\n std::cout \\u003c\\u003c \\” [WARNING] Data size suspiciously large: \\” \\n \\u003c\\u003c totalSize \\u003c\\u003c \\” bytes\\” \\u003c\\u003c std::endl;\\n }\\n \\n if (isValidOffset(dataOffset, static_cast\\u003csize_t\\u003e(std::min(totalSize, static_cast\\u003cuint64_t\\u003e(4096))))) {\\n \\n std::cout \\u003c\\u003c \\” First \\” \\u003c\\u003c std::min(static_cast\\u003csize_t\\u003e(32), static_cast\\u003csize_t\\u003e(totalSize)) \\n \\u003c\\u003c \\” bytes: \\”;\\n printValue(tag, type, std::min(count, 8u), dataOffset, \\n std::min(static_cast\\u003csize_t\\u003e(totalSize), static_cast\\u003csize_t\\u003e(32)), true);\\n \\n if (tag == 51008) { \\n isVulnerable = analyzeOpcodeList1(dataOffset, count);\\n } else if (tag == 258) { \\n analyzeBitsPerSample(dataOffset, count);\\n } else if (tag == 339) { \\n analyzeSampleFormat(dataOffset, count);\\n } else if (tag == 324) { \\n analyzeTileOffsets(dataOffset, count);\\n } else if (tag == 325) { \\n analyzeTileByteCounts(dataOffset, count);\\n }\\n } else {\\n std::cout \\u003c\\u003c \\” [WARNING] Data offset\/size out of bounds\\” \\u003c\\u003c std::endl;\\n }\\n }\\n \\n return isVulnerable;\\n }\\n \\n void printValue(uint16_t tag, uint16_t type, uint32_t count, \\n size_t offset, size_t totalSize, bool isExternal) {\\n if (!isValidOffset(offset, std::min(totalSize, static_cast\\u003csize_t\\u003e(256)))) {\\n std::cout \\u003c\\u003c \\”[OUT OF BOUNDS]\\” \\u003c\\u003c std::endl;\\n return;\\n }\\n \\n switch(type) {\\n case 1: \\n case 6: \\n case 7: \\n if (count == 1 \\u0026\\u0026 totalSize == 1) {\\n std::cout \\u003c\\u003c std::hex \\u003c\\u003c \\”0x\\” \\u003c\\u003c static_cast\\u003cint\\u003e(fileData[offset]) \\u003c\\u003c std::dec;\\n } else {\\n std::cout \\u003c\\u003c count \\u003c\\u003c \\” \\” \\u003c\\u003c getTypeName(type) \\u003c\\u003c \\” values\\”;\\n if (count \\u003c= 8) {\\n std::cout \\u003c\\u003c \\” [\\”;\\n for (uint32_t i = 0; i \\u003c count \\u0026\\u0026 i \\u003c 8; i++) {\\n if (i \\u003e 0) std::cout \\u003c\\u003c \\” \\”;\\n std::cout \\u003c\\u003c std::hex \\u003c\\u003c static_cast\\u003cint\\u003e(fileData[offset + i]) \\u003c\\u003c std::dec;\\n }\\n if (count \\u003e 8) std::cout \\u003c\\u003c \\” …\\”;\\n std::cout \\u003c\\u003c \\”]\\”;\\n }\\n }\\n break;\\n \\n case 2: \\n if (count \\u003c= 4 \\u0026\\u0026 !isExternal) {\\n std::cout \\u003c\\u003c \\”\\\\\\”\\”;\\n for (uint32_t i = 0; i \\u003c count; i++) {\\n unsigned char c = static_cast\\u003cunsigned char\\u003e(fileData[offset + i]);\\n std::cout \\u003c\\u003c (c \\u003e= 32 \\u0026\\u0026 c \\u003c 127 ? static_cast\\u003cchar\\u003e(c) : ‘.’);\\n }\\n std::cout \\u003c\\u003c \\”\\\\\\”\\”;\\n } else {\\n std::string str;\\n size_t printCount = std::min(count, static_cast\\u003cuint32_t\\u003e(64));\\n for (uint32_t i = 0; i \\u003c printCount; i++) {\\n unsigned char c = static_cast\\u003cunsigned char\\u003e(fileData[offset + i]);\\n if (c == 0) break;\\n str += (c \\u003e= 32 \\u0026\\u0026 c \\u003c 127 ? static_cast\\u003cchar\\u003e(c) : ‘.’);\\n }\\n std::cout \\u003c\\u003c \\”\\\\\\”\\” \\u003c\\u003c str \\u003c\\u003c \\”\\\\\\”\\”;\\n if (str.length() \\u003c count) std::cout \\u003c\\u003c \\” …\\”;\\n }\\n break;\\n \\n case 3: \\n case 8: \\n if (count == 1) {\\n uint16_t val = readU16(offset);\\n std::cout \\u003c\\u003c val \\u003c\\u003c \\” (0x\\” \\u003c\\u003c std::hex \\u003c\\u003c val \\u003c\\u003c \\”)\\” \\u003c\\u003c std::dec;\\n } else {\\n std::cout \\u003c\\u003c count \\u003c\\u003c \\” \\” \\u003c\\u003c getTypeName(type) \\u003c\\u003c \\” values\\”;\\n if (count \\u003c= 4) {\\n std::cout \\u003c\\u003c \\” [\\”;\\n for (uint32_t i = 0; i \\u003c count; i++) {\\n if (i \\u003e 0) std::cout \\u003c\\u003c \\”, \\”;\\n uint16_t val = readU16(offset + i * 2);\\n std::cout \\u003c\\u003c val;\\n }\\n std::cout \\u003c\\u003c \\”]\\”;\\n }\\n }\\n break;\\n \\n case 4: \\n case 9: \\n if (count == 1) {\\n uint32_t val = readU32(offset);\\n std::cout \\u003c\\u003c val \\u003c\\u003c \\” (0x\\” \\u003c\\u003c std::hex \\u003c\\u003c val \\u003c\\u003c \\”)\\” \\u003c\\u003c std::dec;\\n } else {\\n std::cout \\u003c\\u003c count \\u003c\\u003c \\” \\” \\u003c\\u003c getTypeName(type) \\u003c\\u003c \\” values\\”;\\n if (count \\u003c= 2) {\\n std::cout \\u003c\\u003c \\” [\\”;\\n for (uint32_t i = 0; i \\u003c count; i++) {\\n if (i \\u003e 0) std::cout \\u003c\\u003c \\”, \\”;\\n uint32_t val = readU32(offset + i * 4);\\n std::cout \\u003c\\u003c val;\\n }\\n std::cout \\u003c\\u003c \\”]\\”;\\n }\\n }\\n break;\\n \\n case 5: \\n case 10: \\n std::cout \\u003c\\u003c count \\u003c\\u003c \\” \\” \\u003c\\u003c getTypeName(type) \\u003c\\u003c \\” values\\”;\\n break;\\n \\n case 11: \\n if (count == 1) {\\n float val = readFloat(offset);\\n std::cout \\u003c\\u003c val;\\n } else {\\n std::cout \\u003c\\u003c count \\u003c\\u003c \\” FLOAT values\\”;\\n if (count \\u003c= 2) {\\n std::cout \\u003c\\u003c \\” [\\”;\\n for (uint32_t i = 0; i \\u003c count; i++) {\\n if (i \\u003e 0) std::cout \\u003c\\u003c \\”, \\”;\\n float val = readFloat(offset + i * 4);\\n std::cout \\u003c\\u003c val;\\n }\\n std::cout \\u003c\\u003c \\”]\\”;\\n }\\n }\\n break;\\n \\n case 12: \\n std::cout \\u003c\\u003c count \\u003c\\u003c \\” DOUBLE values\\”;\\n break;\\n \\n default:\\n std::cout \\u003c\\u003c count \\u003c\\u003c \\” values of unknown type \\” \\u003c\\u003c type;\\n std::cout \\u003c\\u003c \\” (assuming \\” \\u003c\\u003c getTypeSize(type) \\u003c\\u003c \\” bytes each)\\”;\\n break;\\n }\\n std::cout \\u003c\\u003c std::endl;\\n }\\n \\n bool analyzeOpcodeList1(size_t offset, uint32_t count) {\\n std::cout \\u003c\\u003c \\” [ANALYZING OPCODE LIST]\\” \\u003c\\u003c std::endl;\\n \\n if (count \\u003c 16) {\\n std::cout \\u003c\\u003c \\” [WARNING] OpcodeList1 too small: \\” \\u003c\\u003c count \\u003c\\u003c \\” bytes\\” \\u003c\\u003c std::endl;\\n return false;\\n }\\n \\n uint32_t dataSize = readU32(offset + 12);\\n uint64_t totalOpcodeSize = static_cast\\u003cuint64_t\\u003e(16) + static_cast\\u003cuint64_t\\u003e(dataSize);\\n \\n if (totalOpcodeSize \\u003e count) {\\n std::cout \\u003c\\u003c \\” [WARNING] Opcode data size (\\” \\u003c\\u003c dataSize \\n \\u003c\\u003c \\”) exceeds available space (\\” \\u003c\\u003c count \\u003c\\u003c \\”)\\” \\u003c\\u003c std::endl;\\n return false;\\n }\\n \\n if (!isValidOffset(offset, static_cast\\u003csize_t\\u003e(std::min(totalOpcodeSize, static_cast\\u003cuint64_t\\u003e(count))))) {\\n std::cout \\u003c\\u003c \\” [WARNING] Opcode data out of bounds\\” \\u003c\\u003c std::endl;\\n return false;\\n }\\n \\n uint32_t opcodeId = readU32(offset);\\n uint32_t version = readU32(offset + 4);\\n uint32_t flags = readU32(offset + 8);\\n \\n std::cout \\u003c\\u003c \\” Opcode ID: \\” \\u003c\\u003c opcodeId;\\n if (opcodeId == 1) std::cout \\u003c\\u003c \\” (ScalePerRow)\\”;\\n else if (opcodeId == 2) std::cout \\u003c\\u003c \\” (LookupTable)\\”;\\n else if (opcodeId == 3) std::cout \\u003c\\u003c \\” (MapTable)\\”;\\n else if (opcodeId == 4) std::cout \\u003c\\u003c \\” (DeltaPerRow)\\”;\\n else if (opcodeId == 5) std::cout \\u003c\\u003c \\” (ScalePerCol)\\”;\\n else if (opcodeId == 6) std::cout \\u003c\\u003c \\” (DeltaPerCol)\\”;\\n std::cout \\u003c\\u003c std::endl;\\n \\n std::cout \\u003c\\u003c \\” Version: 0x\\” \\u003c\\u003c std::hex \\u003c\\u003c version \\u003c\\u003c std::dec \\u003c\\u003c std::endl;\\n std::cout \\u003c\\u003c \\” Flags: 0x\\” \\u003c\\u003c std::hex \\u003c\\u003c flags \\u003c\\u003c std::dec;\\n \\n bool isVulnerable = false;\\n \\n if (flags == 0x41414141 || flags == 0x42424242 || flags == 0x43434343 || \\n flags == 0x44444444 || flags == 0x45454545) {\\n std::cout \\u003c\\u003c \\” [MALICIOUS – Common exploit pattern]\\” \\u003c\\u003c std::endl;\\n isVulnerable = true;\\n } else if ((flags \\u0026 0xF0F0F0F0) == 0x40404040) {\\n std::cout \\u003c\\u003c \\” [SUSPICIOUS – May cause unexpected behavior]\\” \\u003c\\u003c std::endl;\\n isVulnerable = true;\\n } else {\\n std::cout \\u003c\\u003c std::endl;\\n }\\n \\n std::cout \\u003c\\u003c \\” Data Size: \\” \\u003c\\u003c dataSize \\u003c\\u003c \\” bytes\\” \\u003c\\u003c std::endl;\\n \\n if (opcodeId == 1) { \\n std::cout \\u003c\\u003c \\” [POTENTIAL TYPE CONFUSION] ScalePerRow opcode detected\\” \\u003c\\u003c std::endl;\\n \\n if (dataSize \\u003e= 36) { \\n uint32_t planes = readU32(offset + 16 + 16); \/\/ planes field\\n std::cout \\u003c\\u003c \\” Planes: \\” \\u003c\\u003c planes \\u003c\\u003c std::endl;\\n }\\n \\n isVulnerable = true;\\n }\\n \\n return isVulnerable;\\n }\\n \\n void analyzeBitsPerSample(size_t offset, uint32_t count) {\\n std::cout \\u003c\\u003c \\” [BITS PER SAMPLE ANALYSIS]\\” \\u003c\\u003c std::endl;\\n \\n size_t maxToDisplay = std::min(count, static_cast\\u003cuint32_t\\u003e(16));\\n bool has8Bit = false;\\n bool has32Bit = false;\\n \\n for (uint32_t i = 0; i \\u003c maxToDisplay; i++) {\\n if (!isValidOffset(offset + i * 2, 2)) break;\\n \\n uint16_t bits = readU16(offset + i * 2);\\n \\n if (i \\u003c 4) { \/\/ Display first 4 values\\n std::cout \\u003c\\u003c \\” Plane \\” \\u003c\\u003c i \\u003c\\u003c \\”: \\” \\u003c\\u003c bits \\u003c\\u003c \\” bits\\”;\\n \\n if (bits == 8) {\\n std::cout \\u003c\\u003c \\” [WARNING: 8-bit with ScalePerRow may cause type confusion]\\”;\\n has8Bit = true;\\n } else if (bits == 32) {\\n std::cout \\u003c\\u003c \\” [32-bit – compatible with float]\\”;\\n has32Bit = true;\\n } else if (bits != 16 \\u0026\\u0026 bits != 32) {\\n std::cout \\u003c\\u003c \\” [NOTE: Non-standard bit depth]\\”;\\n }\\n std::cout \\u003c\\u003c std::endl;\\n }\\n \\n if (bits == 8) has8Bit = true;\\n if (bits == 32) has32Bit = true;\\n }\\n \\n if (count \\u003e 4) {\\n std::cout \\u003c\\u003c \\” … and \\” \\u003c\\u003c (count – 4) \\u003c\\u003c \\” more planes\\” \\u003c\\u003c std::endl;\\n }\\n \\n if (has8Bit \\u0026\\u0026 !has32Bit) {\\n std::cout \\u003c\\u003c \\” [HIGH RISK] 8-bit samples without 32-bit option\\” \\u003c\\u003c std::endl;\\n } else if (has8Bit) {\\n std::cout \\u003c\\u003c \\” [MEDIUM RISK] Mixed 8-bit and 32-bit samples\\” \\u003c\\u003c std::endl;\\n }\\n }\\n \\n void analyzeSampleFormat(size_t offset, uint32_t count) {\\n std::cout \\u003c\\u003c \\” [SAMPLE FORMAT ANALYSIS]\\” \\u003c\\u003c std::endl;\\n \\n size_t maxToDisplay = std::min(count, static_cast\\u003cuint32_t\\u003e(16));\\n bool hasUnsigned = false;\\n bool hasFloat = false;\\n \\n for (uint32_t i = 0; i \\u003c maxToDisplay; i++) {\\n if (!isValidOffset(offset + i * 2, 2)) break;\\n \\n uint16_t format = readU16(offset + i * 2);\\n std::string formatName;\\n \\n switch(format) {\\n case 1: formatName = \\”Unsigned Integer\\”; hasUnsigned = true; break;\\n case 2: formatName = \\”Signed Integer\\”; break;\\n case 3: formatName = \\”Floating Point\\”; hasFloat = true; break;\\n default: formatName = \\”Unknown(\\” + std::to_string(format) + \\”)\\”; break;\\n }\\n \\n if (i \\u003c 4) { \/\/ Display first 4 values\\n std::cout \\u003c\\u003c \\” Plane \\” \\u003c\\u003c i \\u003c\\u003c \\”: \\” \\u003c\\u003c formatName \\u003c\\u003c \\” (\\” \\u003c\\u003c format \\u003c\\u003c \\”)\\”;\\n \\n if (format == 1) {\\n std::cout \\u003c\\u003c \\” [WARNING: Unsigned with ScalePerRow will cause type confusion]\\”;\\n } else if (format != 3) {\\n std::cout \\u003c\\u003c \\” [NOTE: Non-float with ScalePerRow may cause issues]\\”;\\n }\\n std::cout \\u003c\\u003c std::endl;\\n }\\n }\\n \\n if (count \\u003e 4) {\\n std::cout \\u003c\\u003c \\” … and \\” \\u003c\\u003c (count – 4) \\u003c\\u003c \\” more planes\\” \\u003c\\u003c std::endl;\\n }\\n \\n if (hasUnsigned \\u0026\\u0026 !hasFloat) {\\n std::cout \\u003c\\u003c \\” [HIGH RISK] Unsigned format without float option\\” \\u003c\\u003c std::endl;\\n } else if (hasUnsigned) {\\n std::cout \\u003c\\u003c \\” [MEDIUM RISK] Mixed unsigned and float formats\\” \\u003c\\u003c std::endl;\\n }\\n }\\n \\n void analyzeTileOffsets(size_t offset, uint32_t count) {\\n std::cout \\u003c\\u003c \\” [TILE OFFSETS ANALYSIS]\\” \\u003c\\u003c std::endl;\\n \\n size_t maxToDisplay = std::min(count, static_cast\\u003cuint32_t\\u003e(4));\\n bool hasInvalidOffset = false;\\n \\n for (uint32_t i = 0; i \\u003c maxToDisplay; i++) {\\n if (!isValidOffset(offset + i * 4, 4)) {\\n hasInvalidOffset = true;\\n break;\\n }\\n \\n uint32_t tileOffset = readU32(offset + i * 4);\\n std::cout \\u003c\\u003c \\” Tile \\” \\u003c\\u003c i \\u003c\\u003c \\” offset: 0x\\” \\u003c\\u003c std::hex \\u003c\\u003c tileOffset \\u003c\\u003c std::dec;\\n \\n if (tileOffset \\u003e= fileData.size()) {\\n std::cout \\u003c\\u003c \\” [INVALID – out of file bounds]\\”;\\n hasInvalidOffset = true;\\n } else if (tileOffset \\u003c 100) {\\n std::cout \\u003c\\u003c \\” [SUSPICIOUS – very small offset]\\”;\\n }\\n std::cout \\u003c\\u003c std::endl;\\n }\\n \\n if (count \\u003e 4) {\\n std::cout \\u003c\\u003c \\” … and \\” \\u003c\\u003c (count – 4) \\u003c\\u003c \\” more tiles\\” \\u003c\\u003c std::endl;\\n }\\n \\n if (hasInvalidOffset) {\\n std::cout \\u003c\\u003c \\” [WARNING] Invalid tile offsets detected\\” \\u003c\\u003c std::endl;\\n }\\n }\\n \\n void analyzeTileByteCounts(size_t offset, uint32_t count) {\\n std::cout \\u003c\\u003c \\” [TILE BYTE COUNTS ANALYSIS]\\” \\u003c\\u003c std::endl;\\n \\n size_t maxToDisplay = std::min(count, static_cast\\u003cuint32_t\\u003e(4));\\n uint64_t totalBytes = 0;\\n bool hasLargeCount = false;\\n \\n for (uint32_t i = 0; i \\u003c maxToDisplay; i++) {\\n if (!isValidOffset(offset + i * 4, 4)) break;\\n \\n uint32_t byteCount = readU32(offset + i * 4);\\n totalBytes += byteCount;\\n std::cout \\u003c\\u003c \\” Tile \\” \\u003c\\u003c i \\u003c\\u003c \\” size: \\” \\u003c\\u003c byteCount \\u003c\\u003c \\” bytes\\”;\\n \\n if (byteCount \\u003e 10485760) { \/\/ 10MB\\n std::cout \\u003c\\u003c \\” [SUSPICIOUS – very large tile]\\”;\\n hasLargeCount = true;\\n } else if (byteCount == 0) {\\n std::cout \\u003c\\u003c \\” [WARNING – zero-sized tile]\\”;\\n }\\n std::cout \\u003c\\u003c std::endl;\\n }\\n \\n if (count \\u003e 4) {\\n std::cout \\u003c\\u003c \\” … and \\” \\u003c\\u003c (count – 4) \\u003c\\u003c \\” more tiles\\” \\u003c\\u003c std::endl;\\n }\\n \\n std::cout \\u003c\\u003c \\” Total tiles size: \\” \\u003c\\u003c totalBytes \\u003c\\u003c \\” bytes\\” \\u003c\\u003c std::endl;\\n \\n if (hasLargeCount) {\\n std::cout \\u003c\\u003c \\” [WARNING] Very large tile sizes detected\\” \\u003c\\u003c std::endl;\\n }\\n }\\n \\n bool scanForVulnerability() {\\n if (!validateTIFFHeader()) {\\n return false;\\n }\\n \\n \/\/ Read IFD0 offset from TIFF header\\n uint32_t ifd0Offset = readU32(4);\\n std::cout \\u003c\\u003c \\”[+] First IFD at offset: 0x\\” \\u003c\\u003c std::hex \\u003c\\u003c ifd0Offset \\u003c\\u003c std::dec \\u003c\\u003c std::endl;\\n \\n bool foundVulnerability = parseIFDChain(ifd0Offset);\\n \\n return foundVulnerability;\\n }\\n \\n void printReport() {\\n if (vulnerabilityFound) {\\n std::cout \\u003c\\u003c \\”\\\\n\\” \\u003c\\u003c std::string(60, ‘!’) \\u003c\\u003c std::endl;\\n std::cout \\u003c\\u003c \\”!! VULNERABLE DNG FILE DETECTED !!\\” \\u003c\\u003c std::endl;\\n std::cout \\u003c\\u003c std::string(60, ‘!’) \\u003c\\u003c std::endl;\\n \\n printExploitInfo();\\n } else {\\n std::cout \\u003c\\u003c \\”\\\\n\\” \\u003c\\u003c std::string(60, ‘=’) \\u003c\\u003c std::endl;\\n std::cout \\u003c\\u003c \\”SAFE DNG FILE\\” \\u003c\\u003c std::endl;\\n std::cout \\u003c\\u003c std::string(60, ‘=’) \\u003c\\u003c std::endl;\\n std::cout \\u003c\\u003c \\”No obvious CVE-2025-58478 vulnerability detected.\\” \\u003c\\u003c std::endl;\\n std::cout \\u003c\\u003c \\”Note: This doesn’t guarantee the file is completely safe.\\” \\u003c\\u003c std::endl;\\n }\\n }\\n \\n void printExploitInfo() {\\n std::cout \\u003c\\u003c \\”\\\\n[EXPLOIT DETAILS]\\” \\u003c\\u003c std::endl;\\n std::cout \\u003c\\u003c \\”Vulnerability: Type Confusion in QuramDng library\\” \\u003c\\u003c std::endl;\\n std::cout \\u003c\\u003c \\”CVE: CVE-2025-58478\\” \\u003c\\u003c std::endl;\\n std::cout \\u003c\\u003c \\”Affected Library: libimagecodec.quram.so\\” \\u003c\\u003c std::endl;\\n std::cout \\u003c\\u003c \\”\\\\nExploit Mechanism:\\” \\u003c\\u003c std::endl;\\n std::cout \\u003c\\u003c \\”1. DNG file specifies 8-bit Unsigned data (BitsPerSample=8, SampleFormat=1)\\” \\u003c\\u003c std::endl;\\n std::cout \\u003c\\u003c \\”2. But includes ScalePerRow opcode that expects 32-bit Float data\\” \\u003c\\u003c std::endl;\\n std::cout \\u003c\\u003c \\”3. Library treats uint8_t* as float* leading to OOB read\/write\\” \\u003c\\u003c std::endl;\\n std::cout \\u003c\\u003c \\”4. Results in memory corruption and potential code execution\\” \\u003c\\u003c std::endl;\\n std::cout \\u003c\\u003c \\”\\\\nAffected Apps:\\” \\u003c\\u003c std::endl;\\n std::cout \\u003c\\u003c \\”- com.samsung.ipservice (auto-decodes after MEDIA_SCANNER_SCAN_FILE)\\” \\u003c\\u003c std::endl;\\n std::cout \\u003c\\u003c \\”- com.samsung.gallery3d (Samsung Gallery)\\” \\u003c\\u003c std::endl;\\n std::cout \\u003c\\u003c \\”\\\\nAffected Devices:\\” \\u003c\\u003c std::endl;\\n std::cout \\u003c\\u003c \\”- Samsung Galaxy S22, S23, S24, S25 series\\” \\u003c\\u003c std::endl;\\n std::cout \\u003c\\u003c \\”- One UI 6.0 through 8.0 (Android 14-16)\\” \\u003c\\u003c std::endl;\\n std::cout \\u003c\\u003c \\”\\\\nFixed in: Samsung December 2025 Security Update\\” \\u003c\\u003c std::endl;\\n std::cout \\u003c\\u003c \\”Patch: https:\/\/security.samsungmobile.com\/securityUpdate.smsb?year=2025\\u0026month=12\\” \\u003c\\u003c std::endl;\\n }\\n };\\n \\n int main(int argc, char* argv[]) {\\n if (argc != 2) {\\n std::cout \\u003c\\u003c \\”Samsung QuramDng Vulnerability Scanner\\” \\u003c\\u003c std::endl;\\n std::cout \\u003c\\u003c \\”CVE-2025-58478 – Type Confusion in libimagecodec.quram.so\\” \\u003c\\u003c std::endl;\\n std::cout \\u003c\\u003c \\”======================================================\\” \\u003c\\u003c std::endl;\\n std::cout \\u003c\\u003c \\”Usage: \\” \\u003c\\u003c argv[0] \\u003c\\u003c \\” \\u003cdng_file\\u003e\\” \\u003c\\u003c std::endl;\\n std::cout \\u003c\\u003c \\”\\\\nReturn Codes:\\” \\u003c\\u003c std::endl;\\n std::cout \\u003c\\u003c \\” 0 – File is safe or scanner completed successfully\\” \\u003c\\u003c std::endl;\\n std::cout \\u003c\\u003c \\” 1 – File is vulnerable to CVE-2025-58478\\” \\u003c\\u003c std::endl;\\n std::cout \\u003c\\u003c \\” 2 – Error reading or parsing file\\” \\u003c\\u003c std::endl;\\n std::cout \\u003c\\u003c \\”\\\\nExamples:\\” \\u003c\\u003c std::endl;\\n std::cout \\u003c\\u003c \\” \\” \\u003c\\u003c argv[0] \\u003c\\u003c \\” exploit.dng\\” \\u003c\\u003c std::endl;\\n std::cout \\u003c\\u003c \\” \\” \\u003c\\u003c argv[0] \\u003c\\u003c \\” test_image.dng\\” \\u003c\\u003c std::endl;\\n return 2;\\n }\\n \\n std::cout \\u003c\\u003c \\”Samsung QuramDng Vulnerability Scanner \\” \\u003c\\u003c std::endl;\\n std::cout \\u003c\\u003c \\”CVE-2025-58478 – Type Confusion in libimagecodec.quram.so\\” \\u003c\\u003c std::endl;\\n std::cout \\u003c\\u003c \\”======================================================\\” \\u003c\\u003c std::endl;\\n \\n DNGVulnerabilityScanner scanner;\\n \\n if (!scanner.loadFile(argv[1])) {\\n return 2;\\n }\\n \\n try {\\n bool isVulnerable = scanner.scanForVulnerability();\\n scanner.printReport();\\n \\n if (isVulnerable) {\\n std::cout \\u003c\\u003c \\”\\\\n[!] WARNING: This DNG file contains the vulnerability\\” \\u003c\\u003c std::endl;\\n std::cout \\u003c\\u003c \\”[!] Do not open on vulnerable Samsung devices\\” \\u003c\\u003c std::endl;\\n std::cout \\u003c\\u003c \\”[!] Fixed in: Samsung December 2025 Security Update\\” \\u003c\\u003c std::endl;\\n return 1; \/\/ Return 1 for vulnerable file\\n } else {\\n std::cout \\u003c\\u003c \\”\\\\n[+] File appears to be safe from CVE-2025-58478\\” \\u003c\\u003c std::endl;\\n return 0; \/\/ Return 0 for safe file\\n }\\n } catch (const std::exception\\u0026 e) {\\n std::cerr \\u003c\\u003c \\”\\\\n[-] Error during scanning: \\” \\u003c\\u003c e.what() \\u003c\\u003c std::endl;\\n return 2;\\n } catch (…) {\\n std::cerr \\u003c\\u003c \\”\\\\n[-] Unknown error during scanning\\” \\u003c\\u003c std::endl;\\n return 2;\\n }\\n }\\n \\n Greetings to :============================================================\\n jericho * Larry W. Cashdollar * r00t * Malvuln (John Page aka hyp3rlinx)*|\\n ==========================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/215827″,”cvss”:{“score”:7.5,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:N\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/215827\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2026-02-18T17:32:28″,”description”:”This C++ scanner analyzes DNG Digital Negative files for the CVE-2025-58478 type confusion vulnerability in the libimagecodec.quram.so library used on Samsung devices…”,”published”:”2026-02-18T00:00:00″,”modified”:”2026-02-18T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Samsung QuramDNG Type…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,16,12,15,13,53,7,11,5],"class_list":["post-41395","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-75","tag-exploit","tag-high","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 Samsung QuramDNG Type Confusion Detector Vulnerability Scanner_PACKETSTORM:215827 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=41395\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 Samsung QuramDNG Type Confusion Detector Vulnerability Scanner_PACKETSTORM:215827 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2026-02-18T17:32:28″,”description”:”This C++ scanner analyzes DNG Digital Negative files for the CVE-2025-58478 type confusion vulnerability in the libimagecodec.quram.so library used on Samsung devices…”,”published”:”2026-02-18T00:00:00″,”modified”:”2026-02-18T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Samsung QuramDNG Type...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=41395\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-02-18T11:48:35+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"28 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41395#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41395\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 Samsung QuramDNG Type Confusion Detector Vulnerability Scanner_PACKETSTORM:215827\",\"datePublished\":\"2026-02-18T11:48:35+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41395\"},\"wordCount\":5562,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-7.5\",\"exploit\",\"HIGH\",\"news\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=41395#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41395\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41395\",\"name\":\"\ud83d\udcc4 Samsung QuramDNG Type Confusion Detector Vulnerability Scanner_PACKETSTORM:215827 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-02-18T11:48:35+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41395#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=41395\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41395#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 Samsung QuramDNG Type Confusion Detector Vulnerability Scanner_PACKETSTORM:215827\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 Samsung QuramDNG Type Confusion Detector Vulnerability Scanner_PACKETSTORM:215827 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=41395","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 Samsung QuramDNG Type Confusion Detector Vulnerability Scanner_PACKETSTORM:215827 - zero redgem","og_description":"{“lastseen”:”2026-02-18T17:32:28″,”description”:”This C++ scanner analyzes DNG Digital Negative files for the CVE-2025-58478 type confusion vulnerability in the libimagecodec.quram.so library used on Samsung devices…”,”published”:”2026-02-18T00:00:00″,”modified”:”2026-02-18T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Samsung QuramDNG Type...","og_url":"https:\/\/zero.redgem.net\/?p=41395","og_site_name":"zero redgem","article_published_time":"2026-02-18T11:48:35+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"28 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=41395#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=41395"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 Samsung QuramDNG Type Confusion Detector Vulnerability Scanner_PACKETSTORM:215827","datePublished":"2026-02-18T11:48:35+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=41395"},"wordCount":5562,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-7.5","exploit","HIGH","news","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=41395#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=41395","url":"https:\/\/zero.redgem.net\/?p=41395","name":"\ud83d\udcc4 Samsung QuramDNG Type Confusion Detector Vulnerability Scanner_PACKETSTORM:215827 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-02-18T11:48:35+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=41395#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=41395"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=41395#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 Samsung QuramDNG Type Confusion Detector Vulnerability Scanner_PACKETSTORM:215827"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/41395","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=41395"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/41395\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=41395"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=41395"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=41395"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}