CVE-2015-7894

8.8HIGH

Key Information:

Vendor: Samsung
Status: Galaxy S6 Edge Firmware
Vendor: CVE Published:; 9 August 2017

Summary

The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V device running build number LRX22G.G925VVRU1AOE2 allows remote attackers to cause a denial of service (segmentation fault and process crash) and execute arbitrary code via a crafted JPG.

References

https://bugs.chromium.org/p/project-zero/issues/detail?id...

x_refsource_MISC

http://packetstormsecurity.com/files/134197/Samsung-LibQj...

x_refsource_MISC

http://www.securityfocus.com/bid/77423

vdb-entryx_refsource_BID

EPSS Score

7% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 9, 2017
Vulnerability Reserved
Oct 22, 2015

.