Denial of Service Vulnerability in Samsung LibQjpeg on Samsung Devices
CVE-2015-7894

8.8HIGH

Key Information:

Vendor
Samsung
Status
Galaxy S6 Edge Firmware
Vendor
CVE Published:
9 August 2017

Summary

The DCMProvider service in the Samsung LibQjpeg library on the Samsung SM-G925V device is susceptible to a denial of service attack. By sending a specially crafted JPG file, a remote attacker can trigger a segmentation fault, leading to the crash of the LibQjpeg process. This vulnerability poses a serious risk as it allows unauthorized users to potentially execute arbitrary code, compromising device integrity and security.

References

https://bugs.chromium.org/p/project-zero/issues/detail?id...
x_refsource_MISC
http://packetstormsecurity.com/files/134197/Samsung-LibQj...
x_refsource_MISC
http://www.securityfocus.com/bid/77423
vdb-entryx_refsource_BID

EPSS Score

9% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.