Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

jeudi 14 mai 2020

VU#366027: Samsung Qmage codec for Android Skia library does not properly validate image files

The Samsung May 2020 Android Security Update notes that"a possible memory overwrite vulnerability in Quram qmg library allows possible remote arbitrary code execution."Samsung identifies this vulnerability as SVE-2020-16747,more commonly known as CVE-2020-8899. Google Project Zero performed extensive fuzz testing on the Qmage(or Quram,or qmg)code Samsung added to the Android Skia library and identified more than 1500 unique crashing test cases. At least one of these memory corruption vulnerabilities can be exploited by sending a specially crafted MMS message to a vulnerable system. Samsung notes that versions O(8.X),P(9.0),Q(10.0)are affected.

Lien vers l'article source

Auteur: US Cert

Catégories: CertUSNombre de vues: 170


Événements SSI