CVE-2020-8899
Published: May 6, 2020
Modified: Sep 17, 2024
PUBLISHED
Description
There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O(8.x), P(9.0) and Q(10.0). An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram image codec, leading to arbitrary remote code execution (RCE) without any user interaction. The Samsung ID is SVE-2020-16747.
| Vendor | Product | Versions |
|---|---|---|
| Samsung | Android OS | affected 9.0, affected 10.0, affected 8.0 |
Weaknesses (CWE)
References
- https://security.samsungmobile.com/securityUpdate.smsb (x_refsource_CONFIRM)
- https://bugs.chromium.org/p/project-zero/issues/detail?id=2002 (x_refsource_CONFIRM)
- VU#366027 (third-party-advisory, x_refsource_CERT-VN)