CVE-2020-25278

CRITICAL

Samsung Android O(8.x)-Q(10.0) - Out-of-bounds Write in Quram JPEG Decoder

Title source: llm
STIX 2.1

Description

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The Quram image codec library allows attackers to overwrite memory and execute arbitrary code via crafted JPEG data that is mishandled during decoding. The Samsung IDs are SVE-2020-18088, SVE-2020-18225, SVE-2020-18301 (September 2020).

References (1)

Core 1
Core References

Scores

CVSS v3 9.8
EPSS 0.0065
EPSS Percentile 46.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (4)
google/android 8.0
google/android 8.1
google/android 9.0
google/android 10.0
Published Sep 11, 2020
Tracked Since Feb 18, 2026