CVE-2024-20849

State: PUBLISHED · Published: 2024-04-02 · Updated: 2024-08-27 · Assigner: SamsungMobile

Description

Out-of-bound Write vulnerability in chunk parsing implementation of libsdffextractor prior to SMR Apr-2023 Release 1 allows local attackers to execute arbitrary code.

CWE

(none)

Affected

Samsung Mobile / Samsung Mobile Devices — v=SMR Apr-2024 Release in Android 12, 13, 14 [unaffected]

CVSS

3.1 score=7.3 severity=HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

References

https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=04

Source

cvelistV5-main/cves/2024/20xxx/CVE-2024-20849.json