CVE-2020-12751

HIGH

Android O(8.X), P(9.0), Q(10.0) - Out-of-bounds Write in Quram Image Codec via Crafted JPEG Data

Title source: manual
STIX 2.1

Description

An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), and Q(10.0) software. The Quram image codec library allows attackers to overwrite memory and execute arbitrary code via crafted JPEG data that is mishandled during decoding. The Samsung ID is SVE-2020-16943 (May 2020).

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://security.samsungmobile.com/securityUpdate.smsb

Scores

CVSS v3 7.8
EPSS 0.0046
EPSS Percentile 36.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (4)
google/android 8.0
google/android 8.1
google/android 9.0
google/android 10.0
Published May 11, 2020
Tracked Since Feb 18, 2026