CVE-2020-8899

Summary

There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O(8.x), P(9.0) and Q(10.0). An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram image codec leading to an arbitrary remote code execution (RCE) without any user interaction. The Samsung ID is SVE-2020-16747.

Affected Software

VendorProductVersion RangeStatus
SamsungAndroid OS9.0affected
SamsungAndroid OS10.0affected
SamsungAndroid OS8.0affected

Weaknesses

  • CWE-122: CWE-122 Heap-based Buffer Overflow

ADP Enrichment

CVE Program Container

Additional References

References