The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V device running build number LRX22G.G925VVRU1AOE2 allows remote attackers to cause a denial of service (segmentation fault and process crash) and execute arbitrary code via a crafted JPG.
References
Link | Resource |
---|---|
https://www.exploit-db.com/exploits/38614/ | Broken Link Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/77423 | Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/134197/Samsung-LibQjpeg-Image-Decoding-Memory-Corruption.html | Broken Link Third Party Advisory VDB Entry |
https://bugs.chromium.org/p/project-zero/issues/detail?id=495&redir=1 | Issue Tracking Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2017-08-09 11:29
Updated : 2017-08-24 09:20
NVD link : CVE-2015-7894
Mitre link : CVE-2015-7894
JSON object : View
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Products Affected
samsung
- galaxy_s6_edge_firmware
- galaxy_s6_edge