Published: 06/05/2020 Updated: 07/11/2023

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O(8.x), P(9.0) and Q(10.0). An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram image codec leading to an arbitrary remote code execution (RCE) without any user interaction. The Samsung ID is SVE-2020-16747.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google android 8.0
google android 8.1
google android 9.0
google android 10.0

Proof Of Concept For CVE-2020-8899 (Quram Image Codec Heap Overflow)

CWE-787 https://bugs.chromium.org/p/project-zero/issues/detail?id=2002 https://security.samsungmobile.com/securityUpdate.smsb http://packetstormsecurity.com/files/157620/Samsung-Android-Remote-Code-Execution.html https://www.kb.cert.org/vuls/id/366027 https://nvd.nist.gov https://github.com/0x23242526/nDay1_POC_CVE-2020-8899 https://www.kb.cert.org/vuls/id/366027

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-8899

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect